ASP.NET Security Infrastructure
Before you learn how to take advantage of ASP.NET’s credential-management and security with non-ASP.NET applications, you need to learn a bit about the ASP.NET user credential management infrastructure. Out of the box, ASP.NET applications can store their custom user credentials in either SQL Server or SQL Server Express, or in Active Directory. That said, the credential-management architecture is that of a provider model, and you can easily add other storage options (such as an Access database). .NET 2.0 installs web site administration pages under \Inetpub\wwwroot\aspnet_webadmin\<version number>.
ASP.NET developers can configure their application directly from within Visual Studio 2005. When selecting ASP.NET Configuration from the Web Site menu, Visual Studio 2005 will browse to the ASP.NET administration pages and allow you to configure various parameters, including security configuration (see Figure B-1). You can configure the following aspects for your application:
Select which store to use, such as an SQL Server or SQL Server Express. The information stored is credentials (username and password) and role-membership. You can even choose to use one repository for credentials and another for role membership.
Create new users and delete existing ones.
Create new roles and delete existing ones.
Allocate users to roles.
Additional features not relevant to this appendix.
Note that the same database tables are used to store the user information from multiple ...