Hi Fellows, maybe some of you can help me solve this issue I cannot find workaround for (I've googled it up, trust me)

I need to implement security on my apps, with the following requirements:

- Login / logged in blocks must be inside a usercontrol, mainly cause I need to place it on different places on different pages
- I have a public area, that is, even not authenticated users have something to mess with.
- I need roles, and according to these roles, render the pages/ controls in different ways (for instance, if you're admin, you can delete stuff, if you're not, you can se stuff but deleting is disabled, but the container control is the same)
- I don't want to use the membership controls since that uses its own database, and that does not work for me, for i need to implement (for instance) referential integrity, so if user is deleted.... delete all the stuff he's guilty for. I also need my own control so I can squeeze it the way i like :)
- I need to be able to retrieve account's data at any time (for logging user's actions)

As an 'old' asp programmer, maybe I'm looking at this with old fashion glasses, but I think forms-auth is the way to go. What would u suggest? I cannot find an example where that thing is inside a usercontrol and afterwards using account's details to ensure conditional control over pages.

Help!
And thanks 2 u all in advance,
Mauro

As long as you specify a connection string for the membership provider it doesn't care which database it resides in.  I think that the membership is the best way forward and you can put the login controls within your own controls.

If the membership database design is not to your liking then you could always create your own membership/role providers.

Regards.

Ok, I've read the complete chapter about "membership" from a book I had. DLester01, I kept in mind what u said all the time and it was pretty useful, it might be my 'way to go'

Now my question is... suppose I DO have time to build my own set of login/auth controls and manage all the users and roles myself (which i did for old asp and works just fine) ... is still any other reason why I would want to use this membership stuff?
The way i see it, you just need a few 'modules' where to login and some others for user administration... and you can have 100% control over the controls, fields, extended properties, whatever u want to add it!

What makes the membership control-set so good? Why is it called API if it's nothing more than a bunch of controls doing the 'dirty' ado.net stuff for you? Is there any special security feature? Is there an extremelly complex flow? How is the session info stored? It's scary for me the idea of modifying cusomer's needs just because there's something out there already done which partly does the job.

 I say all this because I really need to understand it very well if I'm gona jump into a "prebuilt world" (aka asp.net)
Most people will say "we dont like your complain" but i really need to understand how from one day to another, everybody likes it this way.

I feel much better now :)
Regards,
Mauro