ASP.NET ships with a SqlMembershipProvider and a ActiveDirectoryMembershipProvider that makes user authentication and authorization very easy to implement, but for some reason those are the only membership providers provided natively by ASP.NET 2.0. So, what do you do when you don't want or can't use SQL Server or Active Directory for memberships? You have to build a custom membership provider that suits your needs.
That’s exactly what I faced when I wanted an XML membership provider for a small web project. The only one I could find on the web was a very simple read-only xml provider from MSDN. I then changed it to be writable as well, so you can dynamically add new users among other things. I also encrypted the passwords so no one is able to make sense out of them when looking at the XML file.
It’s plug n’ play, it works and it makes user authentication ridiculously easy. Download the code at the bottom and dump the XmlMembershipProvider.cs class into the App_Code folder and the users.xml into the App_Data folder. Then write this in the web.config.
<add name="XmlMembershipProvider" type="XmlMembershipProvider" description="XML membership provider" xmlFileName="~/App_Data/users.xml"/>
Now you have a membership provider that enables you to make use of the collection of built in authentication controls. You can also interact directly with the provider without using the built in controls. Here's an example of how to create a new user:
Membership.Provider.CreateUser("admin", "adminpw", "firstname.lastname@example.org", string.Empty, string.Empty, true, "admin", out status);
Even though you can access the provider programmatically, nothing beats the simplicity of the built in controls. To start using the XmlMembershipProvider, drag a CreateUserWizard to your webform and let the magic begin.