Security - ASP.NET Membership
By default security is built in to a ASP.NET Web Forms application
or an ASP.NET MVC application, and the settings are already in
the root level web.config file. Forms mode is best used with
internet applications and Windows mode for intranet applications.
In forms mode the use must enter a username and password to access
the pages where access is limited to authorised users
By default usernames and passwords will be stored in a local SQL
Server LocalDb database file stored in the App_Data folder.
This database is automatically created when the first user registers.
The membership security system can be configured in various ways.
The standard settings are shown above. The only one I would be tempted
to change for sure is that I believe each user should have a unique
email address in order to avoid confusion.
