First acquaintance with ASP. NET Membership user management

1. Differences from session

Membership 1 generally refers to the use of Microsoft's aspnetdb database for identity authentication

Session refers to the session information of website users

2. The Membership class provides functionality for:

1. Create a new user. 　

2. Store membership information (user name, password, e-mail address, and supporting data) in an Microsoft SQL Server or other similar data store. 　

3. Authenticate the users who visit the website. You can authenticate users programmatically, or you can use the Login control to create a complete authentication system with little or no code. 　　

4. Manage passwords, including creating, changing, retrieving and resetting passwords, and so on. You can choose to configure ASP. NET membership to require a password question and its answer to authenticate password reset and retrieval requests for users who forget their passwords. 　

Although ASP. NET membership is a stand-alone feature for authentication in ASP. NET, it can be integrated with ASP. NET role management to provide authorization services for the site. Membership can also be integrated with System. Web. Profile for ASP. NET users to provide application-specific custom implementations that can be tailored to individual users. For more information, see Understanding Role Management and ASP. NET Profile Properties Overview. 　

The Membership class relies on the membership provider to communicate with the data source. . NET Framework includes an SqlMembershipProvider that stores user information in an Microsoft SQL Server database and an ActiveDirectoryMembershipProvider that allows user information to be stored on an Active Directory or Active Directory application mode (ADAM) server. You can also implement a custom membership provider to communicate with other similar data sources that can be used by the Membership class. The custom membership provider inherits the MembershipProvider abstract class. For more information, see Implementing a Membership Provider. 　

By default, ASP. NET membership supports all ASP. NET applications. The default membership provider is SqlMembershipProvider and is specified in the computer configuration under the name AspNetSqlProvider. The default instance of SqlMembershipProvider is configured to connect to 1 local instance of Microsoft SQL Server. 　

You can specify SqlMembershipProvider for a non-AspNetSqlProvider instance as the default provider by modifying the default settings, or use the Web. config file to specify an instance of a custom provider as the default provider for an ASP. NET application. You can use the membership configuration section in the Web. config file to specify ASP. NET membership configuration for an Web application. You can use the providers subsection of the membership section to specify a membership provider other than the default provider 1. For example, the following membership section removes the default membership provider from the current application configuration and adds a new provider named SqlProvider that connects to the SQL Server instance named MySqlServer.

<configuration>

    <connectionStrings>

        <add name="SqlServices" connectionString="Data Source=MySqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />  　 

    </connectionStrings>

    <system.web>

        <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">

            <providers>

                <remove name="AspNetSqlProvider" />

                <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SqlServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" />

            </providers>

        </membership>

    </system.web>

</configuration>

In an ASP. NET application, the Membership class is used to verify user credentials and manage user settings, such as passwords and e-mail addresses. The Membership class can be used alone or in conjunction with FormsAuthentication 1 to create a complete user authentication system for an Web application or Web site. The Login control encapsulates the Membership class, thus providing a convenient user authentication mechanism.