12.14. Summary
The provider works in both ASP.NET and non-ASP.NET environments that are running at Low trust or higher. Remember, though, that the provider needs SqlClientPermission in partial trust environments and that this permission is not granted by default in Low trust. SqlMembershipProvider implements all the security functionality available in the Membership feature. This includes advanced security features such as question-and-answer-based password resets as well as account lockouts when bad passwords or bad password answers are used. The provider stores user-related data in a combination of tables: some common to all SQL-based providers, and some are specific to SqlMembershipProvider. Although there is nothing technically preventing you from using these tables directly, the expectation is that public APIs like the MembershipProvider class should be used for inserting and updating data. Only in the case where you need more extensive read-only access to Membership data should you query the database directly. ASP.NET ships with a number of SQL views that expose the data from the underlying tables for you to write SELECT queries against.
Although the default database engine used by SqlMembershipProvider is SQL Server 2005 Express, developers can easily change the LocalSqlServer connection string in machine.config to point the provider at any database server running SQL Server 7.0, 2000, or 2005. The only special logic that SqlMembershipProvider supports (and for that matter ...
Get Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
