Fortunately, ASP.NET 2.0 has built-in controls to provide login and user management capabilities to enhance Web application security. See this Expert Answer, ASP.NET Forms Authentication in version 2.0, for some background on the new features of Forms Authentication. Out of the box, ASP.NET Forms Authentication comes with providers for Microsoft SQL Server and Active Directory. This is accomplished by using the SqlMembershipProvider and SqlRoleProvider classes or the ActiveDirectoryMembershipProvider class to implement the back-end services supporting required authorization and user management functions.
In order to support Oracle or Microsoft Access, you will have to extend the abstract MembershipProvider and RoleProvider classes from the System.Web.Security namespace. There are a couple of methods that must be implemented, and they are centered around validating users and creating and updating users and roles as you would like to store them in the Access or Oracle database.
Once these classes have been created, the Web application should be configured by updating the Web.config file. The Web application should be configured to use Forms Authentication, and the specific providers should be added for membership and role management. For more information on these Web.config changes as well as some code examples, see this article.
The Forms Authentication capabilities of the ASP.NET 2.0 platform make it straightforward to support powerful authentication and authorization abilities backed by Microsoft SQL Server and Active Directory back ends. In addition, the use of the Provider pattern makes it easier to support other user datastore back ends such as Microsoft Access or Oracle with modest effort.More information:
This was first published in October 2006