Fortunately, Microsoft has provided relief for application-based authentication drawbacks in the 2.0 version of the ASP.NET framework, with the ASP.NET membership functions, and in our case, the SqlMembershipProvider
. The membership API makes it simple for us to use forms authentication in our application, retrieving authentication and membership information from a membership provider. Similar to the classes we created in the last chapter for our data access layer and business logic layer, the membership provider abstracts the membership details from the membership storage source. Microsoft provides two providers—the ActiveDirectoryMembershipProvider
that uses Active Directory and the SqlMembershipProvider
that uses an SQL server database for the user data store.
By default, ASP.NET authentication uses cookies—small text files stored on the user's system—to maintain authentication status throughout the application. These cookies normally have an expiration time and date...