SECURITY IS AN IMPORTANT FEATURE of most Web applications, and thinking about it earlier rather than later can save you heartache and money down the road. That's why this chapter doesn't come at the end of this book!
ASP.NET 2.0 shipped with a number of new security features and improvements. If you're using Forms authentication, you'll be happy to know that it's gotten a lot of attention in this new version, with a robust provider model making it easy to track user accounts and roles. We'll explore the Membership and Role providers in depth in this chapter, and talk about real-world security issues you should consider when configuring them. We'll also explore the role of machine keys and some other features such as cookieless Forms authentication and web.config file encryption.