SUMMARY

We've only sampled some of the new security capabilities in ASP.NET 2.0. The Membership and Role Manager features are specifically designed to solve problems we saw developers addressing over and over again. While both complement and can be used easily with Forms Authentication, they were also designed to work independentlyindependently of one another and independently of Forms Authentication. Furthermore, both support the provider design pattern. This design pattern allows you to take complete control over how and where the data used for these features is stored. The provider design pattern gives you the ultimate control and flexibility, since you can control the business logic, while developers can learn a simple, friendly, and easy-to-use API.

While writing code using Membership has become more concise , there are also now cases where no code is required. The new security server controls make many scenarios, such as login or password recovery, so much easier to implement. The other security- related server controls simply save you the time formerly required to write code to perform simple tasks such as checking who is logged in.

The cookieless support for Forms Authentication means you don't have to require the use of cookies for authenticating userssomething many of you have been asking for.

Finally, the Web Administration Tool provides a simple way to administer site security without building custom tools.

Now it's time to extend the topic of users interacting with a site and look at how sites can be personalized.