Forms-Based Authentication in Detail

ASP.NET 2.0 forms-based security is based on a set of tables that must be created in your database, typically SQL Server or SQL Server Express. Fortunately, ASP.NET provides a utility named aspnet_regsql.exe, located in the <Drive:>\Windows\Microsoft.NET\Framework\versionNumber folder on your Web server, that sets up the tables for you. (The version number will be determined by which version of the 2.0 framework you have installed on your machine.) This utility program will create the required database and all its tables.

The easiest way to use this utility is to run aspnet_regsql.exe utility from the .NET command box with no arguments. A wizard will be started that will walk you through the process.


You can set up the tables using the ASP.NET Web Site Administration Tool, as described later.

The database is .\SQLEXPRESS, the authentication type is Windows, and the name of the db is aspnetdb. For more details, see the MSDN article “Installing the SQL Server Provider Database”.

Create the Application

To begin, create an empty directory called Security. In the IIS manager (accessed through the Control Panel), create a virtual directory to point to the Security folder, and after it is created, right-click the new virtual directory and select Properties.

In the Properties window, click the ASP.NET tab, and then click Edit Configuration. Within the ASP.NET Configuration Settings dialog, click the Authentication tab, and within that tab, set the Authentication ...

Get Programming ASP.NET, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.