For the rest of this chapter, you’ll see how to set up a forms-based authentication system for a website. In particular, you’ll look at how to:
Create the database to support forms-based authentication.
Create a website that hooks into the database.
Create the user accounts.
Group users into roles (groups).
Restrict users’ and groups’ activities on the site.
Your initial goal will be to have four pages: a default page that displays different information to users who are logged in than to users who are not yet logged in; a login page that allows the user to log in; a page that allows users to retrieve their password if they have forgotten it; and a page that allows them to change it if they want to. To have users log in, however, you must first create a database of users. Thus, the most important part of this process is setting up the database correctly, so you’ll start there.
ASP.NET forms-based security is based on a set of tables that must be created in your database, typically SQL Server or SQL Server Express. Fortunately, ASP.NET provides a utility named aspnet_regsql.exe, located in the %windows%\Microsoft.NET\Framework\v2.0.50727 folder on your web server, which creates the required database and all its tables for you.
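As an added example (not code from the book), the following PowerShell script runs aspnet_regsql.exe with Windows integrated authentication, installs only the membership and role features, and then confirms that the tables exist. The instance name .\SQLEXPRESS, the use of the tool's default database name aspnetdb, and resolving the Windows folder through the windir environment variable are assumptions to adjust for your server.

```powershell
# Added example: server and database names below are assumptions.
$server   = '.\SQLEXPRESS'   # assumed local SQL Server Express instance
$database = 'aspnetdb'       # default database name used by aspnet_regsql.exe
$regsql   = Join-Path $env:windir 'Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe'

if (-not (Test-Path $regsql)) { throw "aspnet_regsql.exe not found at $regsql" }

# -E    : Windows integrated authentication (no SQL password on the command line)
# -S    : SQL Server instance to connect to
# -d    : database to create or modify
# -A mr : add only the membership (m) and role manager (r) features
& $regsql -E -S $server -d $database -A mr
if ($LASTEXITCODE -ne 0) { throw "aspnet_regsql.exe exited with code $LASTEXITCODE" }

# Do not rely on the exit code alone: check that the expected tables exist.
$expected = 'aspnet_Applications', 'aspnet_Users', 'aspnet_Membership',
            'aspnet_Roles', 'aspnet_UsersInRoles'

$connString = "Server=$server;Database=$database;Integrated Security=SSPI"
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    # [_] escapes the underscore, which is a single-character wildcard in LIKE
    $cmd.CommandText = "SELECT name FROM sys.tables WHERE name LIKE 'aspnet[_]%'"
    $reader = $cmd.ExecuteReader()
    $found = @()
    while ($reader.Read()) { $found += $reader.GetString(0) }
    $reader.Close()
}
finally {
    $conn.Close()
}

$missing = $expected | Where-Object { $found -notcontains $_ }
if ($missing) { throw "Missing tables: $($missing -join ', ')" }
"Membership and role tables are present in $database on $server"
```

Using -E keeps SQL credentials out of command history and process listings, and limiting -A to the features the site uses avoids creating schema that nothing will maintain.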
You can also use the ASP.NET Web Site Administration Tool (WAT) to set up the tables for you, but it assumes you are happy with the default options of using a SQL Express database stored in ...