Scott Mitchell recently published part 5 of his nice series on using the new ASP.NET 2.0 Membership and Roles features. You can read the series here:
-- Part 1 - Learn about how the membership features make providing user accounts on your website a breeze. This article covers the basics of membership, including why it is needed, along with a look at the
SqlMembershipProvider and the security Web controls.
-- Part 2 - Learn how to create roles and assign users to roles. This article shows how to setup roles, using role-based authorization, and displaying output on a page depending upon the visitor's roles.
-- Part 3 - See how to add the membership-related schemas to an existing database using the ASP.NET SQL Server Registration Tool (
-- Part 4 - Improve the login experience by showing more informative messages for users who log on with invalid credentials; also, see how to keep a log of invalid login attempts.
The Microsoft Patterns and Practices Group also recently released a reference sample application that shows best practices on how to implement Internet based security with ASP.NET 2.0. You can download the sample and associated documentation here.
For other great resources on ASP.NET 2.0 Security, please check out this ASP.NET Security Resources link that I regularly update with links to tutorials, how-to articles, and books. I also highly recommend buying Stefan Shackow's ASP.NET Security, Membership and Role Management book:
Stefan works on the ASP.NET team and drove much of the design for the ASP.NET 2.0 Security features. His book does an awesome job of diving into how to maximize them. It is one of the books I pull down from my bookshelf to regularly consult when answering questions on the forums, and it contains a wealth of knowledge to leverage.
Hope this helps,