All web applications that support user accounts most of the time require its users to be authenticated before taking any actions. When ASP.NET 2.0 was released, the ASP.NET team at Microsoft worked on finding a solution for authentication by introducing the Membership framework.
- [Instructor] Old view web applications that support user accounts most of the time require similar features like log in for users, signing up a user, et cetera. There are a lot of apps that require the users to be authenticated before taking any actions like for example leaving a review or a comment, following others, liking something that others have published, et cetera. Prior to ASP.net 2.0 developers were having a hard time with all this user account related tasks and this is when ASP.net team at Microsoft worked on finding a solution by introducing membership framework.
But what is membership? This framework is a set of classes in the .net framework that provide an easy way of accomplishing the core user account related tasks like creating, deleting, getting, updating, validating, and more. ASP.net membership also supports storing membership information like usernames and passwords in Microsoft SQL server, Active directory or another data store.
ASP.net membership is flexible enough to allow you to specify a custom membership provider which allows you to write your implementation to manage membership and maintain membership data in a custom data store. But why do we need it? Membership framework will simply make our lives as developers easier. An important aspect of the membership system is that you never need to explicitly perform any low level database functions to work with user data.
For example you create a new user by calling the membership create a user method. The membership system handles the details of creating the necessary database records to store the user information.
- Identity management
- Authentication vs. authorization
- Authentication via Facebook, Google, Microsoft, and more
- Email confirmation
- Two-step authentication
- Simple, role-based, and view-based authorization
- Defending against vulnerabilities