Manage Custom Security Credentials the Smart (Client) Way

oth Internet and intranet applications often require a custom store for user accounts and roles. ASP.NET 2.0 provides an out-of-the-box provider model as well as a SQL Sever database just for that propose. Unfortunately, the only way to administer the credentials databases is via Visual Studio 2005, and only for local Web applications. This article presents a full-blown custom security management application that administrators can use. The application wraps the ASP.NET 2.0 providers with a Web service and even adds missing features. This article presents the design approaches, challenges, and techniques involved in developing such an application. The article also walks you through some powerful yet useful techniques such as interface-based Web services, reflection-based Web service compatibility, advanced C# 2.0, Web services security, and Web services transactions.

ASP.NET 2.0 Credentials Infrastructure
Internet-based applications often don't rely on Windows accounts and groups, and instead resort to form-based authentication, combined with some kind of a back-end custom credentials store such as SQL Server. To save developers the trouble of designing and building such solutions over and over, ASP.NET 2.0 ships with a ready-made security credentials infrastructure. The ASP.NET 2.0 credentials store is not just for the sole use of ASP.NET applications: ASP.NET Web services and even Windows Forms applications can use it to manage their user's credentials. In addition, Windows Communications Foundation (codename Indigo) services can also be easily configured to use the ASP.NET 2.0 security credentials store.