ASP.NET Membership security controls in ASP.NET

ASP.NET ships with several controls you can use in your ASP.NET pages that simplify the process of creating login pages. These controls rely on the underlying forms authentication and the membership API infrastructure. The next table describes security controls that ship with ASP.NET and summarizes their typical usage scenarios:

 

Control

Primary usage

Login

The Login control is a composite control which displays a user name and password text box with a login button. When events are caught through custom event procedures, it automatically validates the user against the default membership provider. This control is typically placed on a login.aspx page used for forms authentication. You can also place it on any page where you want to allow users to sign in to your website.

You can find more details from the articles: ASP.NET Membership login control , How to manage ASP.NET membership Login control appearance , ASP.NET Membership Login control customization properties , How to use ASP.NET Membership Login control with templates , How to program the ASP.NET Membership Login control in C# and How to program the ASP.NET Membership Login control in VB.NET

LoginStatus

This simple control is used to validate the authentication state of the current session.  If the user is not authenticated, it offers a login button that redirects to the configured login page. Otherwise, it displays a sign-out button for the possibility of logging off. This control encapsulates behavior that should typically be available on all your pages, and idea to place it on a master page is very useful. You can also use it on any page where you think displaying the login status with direct links to a login page or for signing out is useful for your users.

You can find more details from the article: How to use ASP.NET membership LoginStatus control

LoginView

This powerful control allows you to display different sets of controls for authenticated and unauthenticated users. In addition, it allows you to display different controls for users who are in different roles. This control is typically placed on content pages, as it displays contents of your website depending on the user currently working with a web page.

You can find more details from the article: How to use ASP.NET membership LoginView control

PasswordRecovery

This control allows the user to retrieve the password if the user has provided an email address during registration. It requests the user name from the user and then automatically displays a user interface that displays the password question and requests the appropriate answer from the user. If the answer is correct, it uses the membership API to send the password to the user. You can put this control control on a separate page in your website, which allows the user to reset the password. This page can be referred from the login page.

You can find more details from the articles: How to use ASP.NET membership PasswordRecovery control , How to customize ASP.NET membership PasswordRecovery control in C# and How to customize ASP.NET membership PasswordRecovery control in VB.NET

ChangePassword

This control requests the old password from the user and lets the user enter a new password, including the password confirmation. You usually put this on a separate ASP.NET page, which allows the user to change his password.

You can find more details from the article: How to use ASP.NET Membership ChangePassword control

CreateUserWizard

Includes a complete wizard that guides the user (or an administrator) through the process of creating a user. This control is typically placed on a separate ASP.NET page in your website, which allows users to register themselves on your website.

You can find more details from the articles: How to use ASP.NET Membership CreateUserWizard control , How to use ASP.NET Membership CreateUserWizard control events in C# and How to use ASP.NET Membership CreateUserWizard control events in VB.NET

You can use these controls with any other control.. Every control works in the same way: if you don’t handle any custom events, all these controls work with the membership API by default. As soon as you handle events provided by the controls, you are responsible for completing the task.