Problem solve Get help with specific problems with your technologies, process and projects.

ASP.NET Forms Authentication in version 2.0

Forms Authentication has changed from ASP.NET 1.1 to ASP.NET 2.0. .NET security expert Dan Cornell explains how .to use this tool to boost application security.

How has Forms Authentication changed from ASP.NET 1.1 to ASP.NET 2.0?
ASP.NET application security has benefited from features in Forms Authentication for version 2.0. In short, ready-made UI components and data management implementations have made it a lot simpler to add mature authentication and authorization capabilities to your Web applications.

ASP.NET 2.0 adds a number of components with ready-made implementations of functionality that had to be built by hand in the ASP.NET 1.1 version. Examples of these include login forms, user creation wizards and password recovery logic. By providing these capabilities out of the box, it is faster to get secure Web applications up and running, and the use of the security-tested ASP.NET framework controls is typically going to be preferable over hand-coding new implementations for each new application.

ASP.NET application security resources
Forms Authentication -- Chapter 5, Professional ASP.NET 2.0 Security, Membership and Role Management

Login and user management controls in ASP.NET

Migrating users and passwords to ASP.NET 2.0
Previously, applications using Forms Authentication had to create and maintain their own data store for users and their roles. These were typically stored in a couple of tables in a database such as Microsoft SQL Server. In ASP.NET 2.0, implementations are provided to handle these ubiquitous tasks for both Microsoft Access as well as Microsoft SQL Server. The specifics of accessing these data stores are hidden behind interfaces employing the Provider design pattern, so while most applications will be satisfied with the SQL or Access versions, it is straightforward to create new implementations if the user and role data are stored in another data store such as an LDAP directory or XML files.

By using these new controls and ready-made data storage implementations, it is a lot faster to get Forms Authentication-based applications up and running. This is a benefit to both developer productivity as well as application security.

Dig Deeper on Topics Archive

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.