I can hear you now: "Yeah, yeah, yeah... so people won't break
in. Who cares?" Well, you should!
Account impersonation
You can now get real account impersonation and have the server
execute code as if the user was sitting right there. You can
also programmatically check to see if the user is in a given role
and conditionally let them do certain things only if they have the
correct permissions.
Most of the rest is the same... more options... better support.
Users and Roles are cool, but this is what you care about...
Forms-based authentication
Finally it's here! Forms-based authentication is where you can
do your own custom login screen and your own credential checking
and yet still have ASP.NET handle authenticating the user,
redirecting unauthorized users to the login page, cookie
management, and all the junk you used to have to build yourself.
This sort of authentication is extremely popular on the web already,
but you had to build it... well, not any more!
This is a godsend for anyone doing database-based authentication
or if you just can't justify giving every user an NT account, but
you still want to secure something. Or what about time-based
authentication, where you only let users in during work hours?
The list of useful applications goes on and on,
but now the implementation time doesn't have to.
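
Here is a sketch of such a login page's code-behind, added as an illustration and not part of the original article: it does its own credential check and a work-hours check, then hands cookie issuance and the redirect back to ASP.NET. The page, control and user names, the sample password record and the 09:00-17:00 window are assumptions.

```csharp
// Code-behind for a hypothetical Login.aspx (Inherits="LoginPage"). Assumes web.config has
//   <authentication mode="Forms"><forms loginUrl="Login.aspx" /></authentication>
//   <authorization><deny users="?" /></authorization>
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class LoginPage : Page
{
    // Controls declared in the .aspx markup; the names are assumptions.
    protected TextBox UserName;
    protected TextBox Password;
    protected Label Message;

    // Constructed sample record standing in for a row in a users table.
    static readonly byte[] Salt = Encoding.ASCII.GetBytes("sample-salt-1234");
    static readonly byte[] StoredHash = Derive("correct horse", Salt);

    static byte[] Derive(string password, byte[] salt)
    {
        // PBKDF2: the store keeps a salted hash, never the password itself.
        return new Rfc2898DeriveBytes(password, salt, 100000).GetBytes(32);
    }

    static bool CredentialsValid(string user, string password)
    {
        bool userOk = string.Equals(user, "alice", StringComparison.OrdinalIgnoreCase);
        byte[] candidate = Derive(password, Salt);
        int diff = 0; // compare every byte, no early exit
        for (int i = 0; i < StoredHash.Length; i++) diff |= candidate[i] ^ StoredHash[i];
        return userOk && diff == 0;
    }

    static bool WithinWorkHours(DateTime now)
    {
        // Weekdays 09:00-17:00 server time; the window is an assumption.
        return now.DayOfWeek != DayOfWeek.Saturday && now.DayOfWeek != DayOfWeek.Sunday
            && now.Hour >= 9 && now.Hour < 17;
    }

    // Wired to the login button's OnClick in the markup.
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (CredentialsValid(UserName.Text, Password.Text) && WithinWorkHours(DateTime.Now))
            // ASP.NET issues the auth cookie and redirects to the requested page.
            FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
        else
            Message.Text = "Login failed."; // same message for every failure
    }
}
```

The `deny users="?"` rule is what sends anonymous requests to the login page; the code only decides who gets a ticket.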