Login and Database Question

[BigWinston]

Hi,

I wish to use the 'Login', 'Login View', 'Password Recovery', etc. controls in a web application I'm developing.

The only tutorials I see use a system database that is maintained by the Server if you go to 'Website->ASP.NET Configuration' and the security tab.

How can I still use these controls, but keep track of the users in my own SQL server 2005 database, and not in the "default"?

Thanks

[mcmcom]

we built our own system to handle this, (using .net 1.1) and it works pretty well.

the basic principals for it go like this:

1. Create some db tables. we use (siteLogins, siteLoginPasswordFirstTimeFree, siteLoginPasswordResetCodes)

2. when someone goes to Register to the site, they naturally create an account. On the creation it populates the username, tempPassword in the siteLogins table (all hashed of course), and then it creates a record in the PasswordFirsttimeFree linked to a cookie, so when they hit the login page with this cookie, it says "Set up your own password".

3. Once they set their password we stick a date/time stamp in that same table to signify that they already did the firsttime Free thing, and we kill the cookie (or write the date to it).

4. The password they created updates the logins table with their password and a password reset code gets inserted into the passwordReset table (this is just a 32bit GUID string that will be appended to an automated email we send out in the return link).

5. If they need to reset their password they go to a forum, type in their email and press submit. Our app then looks for the login in the ResetCode field, kills the password and sends an email with a returnlink with that GUID in it. if they follow the link with the correct guid and email address we then allow them to change the password, resetting this process.

hth,
mcm