Chapter 11. Security and Membership

11. Security and Membership

ASP.NET contains a range of features that make it easy to create areas of a Web site or Web application that are not universally available to anonymous visitors. This is a common requirement in many sitesperhaps an area where you provide premium content that you want to charge people to view or download, or where you simply want to monitor who is accessing that area of the site. While this has long been part of Web sites created in all kinds of programming and scripting languages, ASP.NET removes the need to create and maintain the basic code and processes that this requires. Instead, a set of intelligent server controls and built-in request handling features do most of the groundwork and simplify development.

Once you have a system of identifying visitors through a "login" feature such as that provided by ASP.NET, you can take the next stepmaintaining useful information about visitors and presenting them with personalized content. For example, you may want to allow each user to specify the color or layout of the pages they visit, or their options when reading messages in a Web forum.

The following chapter looks in detail at personalization and the associated topics of themes and different appearances for the pages. This chapter, however, concentrates on the features that enable personalization and other possibilities, and shows how you can implement security, user identification, and login pages for visitors using the features built into ASP.NET.

The topics for this chapter are the following:

• Preventing anonymous access to Web sites and Web pages

• Membership and Roles in ASP.NET

• The ASP.NET Web Site Administration Tool

• The ASP.NET server controls that support the security features

• Accessing the Membership and Roles features in code

The chapter starts by looking at how you can secure all or part of your Web site, and how to provide login features.