With the first version of ASP.NET, you already had the option to authenticate users against several services. This served as the basis for allowing individual users access to specific areas of a web site. For intranet solutions, you could rely on Windows Authentication integrated by IIS. In the case of public web sites for the Internet, you could use Forms Authentication. The latter offered the possibility to place user-specific data in the web.config configuration file. Additionally, custom systems could be used to check user data against a database, for example. If your application required individual roles in this context, the situation started to get a little bit complicated.
The possibilities that ASP.NET version 2.0 provides go far beyond that. Now you have two complete built-in systems at your service: Membership Management and Role Management. These systems take the place of the authentication and authorization features of previous ASP.NET versions. Used in combination, both systems offer a completely generic and openly designed framework for the administration of users and roles, independent of the data store being used.
The Membership Management system offers the following features, among other things:
Creation of new users
Storage of user data like name, login, password, and so on in SQL Server, Microsoft Access, or any other data source of your choice through individual membership providers
Administration of passwords, including storage, verification, resetting, expiration, and so on, as well as web controls for passwords that have been forgotten
Authentication of users via specific web controls or individually with the help of the Membership Management API
Provision of unique user IDs for authenticated users as a basis for individual authorizations and personalization
Optional allocation of unique IDs for nonauthenticated and anonymous users to attach information to them within the scope of personalization, for example
Additionally, the following are just two of the many functions integrated via the Role Management system:
Administration of roles, including a Role Management API to add or to delete them
Storage of roles in an encrypted cookie
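A web.config sketch of how these pieces fit together, added here as an illustration and not taken from the original text: user data moves out of web.config into a membership provider, and cached roles travel in an encrypted, validated cookie. The connection string, provider names, application name and login page are constructed placeholders; the attribute names are those of the released ASP.NET 2.0 SQL providers.

```xml
<configuration>
  <connectionStrings>
    <!-- Constructed placeholder: point this at your own membership database. -->
    <add name="MembershipDb" providerName="System.Data.SqlClient"
         connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <!-- The older approach kept accounts in this file:
           <credentials passwordFormat="Clear"> with <user name="..." password="..." /> children.
           Anyone who can read web.config can then read every password.
           With a membership provider configured, no <credentials> element is needed. -->
      <forms loginUrl="Login.aspx" protection="All" requireSSL="true"
             timeout="20" slidingExpiration="true" />
    </authentication>

    <membership defaultProvider="SqlMembership">
      <providers>
        <clear />
        <!-- Hashed storage means passwords can be reset but never retrieved. -->
        <add name="SqlMembership"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="MembershipDb"
             applicationName="/SampleApp"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true"
             requiresUniqueEmail="true"
             minRequiredPasswordLength="8"
             minRequiredNonalphanumericCharacters="1"
             maxInvalidPasswordAttempts="5"
             passwordAttemptWindow="10" />
      </providers>
    </membership>

    <!-- cookieProtection="All" both encrypts and validates the role cookie;
         "None" or "Validation" would leave the role names readable by the client. -->
    <roleManager enabled="true" defaultProvider="SqlRoles"
                 cacheRolesInCookie="true" cookieName=".ASPXROLES"
                 cookieProtection="All" cookieRequireSSL="true"
                 cookieTimeout="30" cookieSlidingExpiration="true">
      <providers>
        <clear />
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="MembershipDb" applicationName="/SampleApp" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
```

A cached role cookie stays valid until it expires, so a role removed on the server is still honored for up to cookieTimeout minutes; keep that value short where role changes must take effect quickly.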