ASP.NET provides an infrastructure for authentication and authorization that will meet most of your needs for securing an application. Three authentication schemes are available: Forms, Windows, and Passport.
If none of the built-in authentication schemes provided by ASP.NET meets the needs of your application, the .NET Framework provides the ability to create your own authentication scheme. This typically involves writing a custom class that implements the IAuthenticationModule interface and registering it to bypass the built-in .NET authentication. Custom authentication is not covered in this book because of its individual nature. You can find more details in the MSDN Library by searching for the term "custom authentication."
This chapter provides several recipes for securing your applications using the built-in mechanisms provided by ASP.NET. These are usually adequate to meet the needs of your application.
One of the most important recommendations we can make is that you always have the security features of your application reviewed by key project stakeholders and security specialists. Bringing other perspectives to issues of security is always a good idea because it is difficult to conceive of all the ways security may be breached in your environment. Having others inspect your plans saves you from having to shoulder the entire security burden alone, which is an unwise and uncomfortable position to be in.
Among the security-related enhancements in ASP.NET 2.0, you will notice that we have made strategic use of the login controls (especially asp:Login and asp:LoginName), which simplify writing the security-related code that lets users log in, log out, provide their name, and so on. We will also show you how to secure your website using ASP.NET 2.0's Membership and Role providers, which is the subject of the final recipe in the chapter. As part of this recipe, we will show you how to use the configuration tool ASP.NET 2.0 offers for managing users and their roles. Taken together, these security-related features make it easy to add strong authentication mechanisms to your website with little or no code.