Authentication and Authorization
Properly securing your Web sites has always been challenging. ASP.NET 1.x made significant improvements upon earlier technologies by encapsulating the security model into
the Framework. Security services are provided in the form of identities
and roles. You can programmatically create identities based on
credentials that are verified against the user store of your choice, and then persist this identity
through the user's session.
also implement roles-based security in
a variety of ways. For example, you can map roles to a folder so that only authenticated
users with proper role membership can access the folder.
All of this, however, required custom user data storage, a lot of code to bind the security services to the user data, and custom administrative interfaces to manage Web site security.
It's not an overstatement to say that security support in ASP.NET 2.0 and VWD is
a quantum leap over ASP.NET 1.x—the most comprehensive security model and suite
of features to date. The legacy limitations have been designed
out. The new
Provider API provides user data storage services right out of the box. Additionally, VWD provides a Web administration application for setting up and managing your security
system. The Provider API is also extensible, fully supporting custom user data storage.
What is more, a suite of new security controls will make your life much easier when
building such user interfaces as new user registration, login and lost password.
The following diagram gives you an overview of the evolution of ASP.NET security
In this next series of lessons you will build a robust security mechanism for your
Web application using the new authentication and authorization features of ASP.NET
2.0 and VWD.
Powered By ASP.NET v2.0