Creating a login page with ASP.NET is almost ridiculously easy. First create a page called “Login.aspx”. If you want to use a page named something other than “Login.aspx”, you can specify that in your web.config file:

<authentication mode="Forms">
  <forms loginUrl="member_login.aspx" />
</authentication>

After that, add an <asp:Login …/> control inside your page. The how to use the ASP.NET login control article from MSDN has more details (if you need it). After a successful login, the user will be redirected back to the page they were originally trying to access before being redirected to Login.aspx. If the user went straight to Login.aspx, they they will be sent to your Default.aspx page. If you don’t have a Default.aspx page or simply want to send them somewhere else, add this attribute to your asp:Login tag:

DestinationPageUrl="~/YouLoggedIn.aspx"

Easy enough, huh? Well, how about the actual authentication? By default, ASP.NET will try to authenticate with the AspNetSqlMembershipProvider as specified in your machine.config file:

<membership>
  <providers>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web,
               Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer"
               enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/"
               requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
  </providers>
</membership>

If you want to use your own database provider, just specify it in your project’s web.config:

<connectionStrings>
  <add name="GlamRock" connectionString="server=skidrow;database=motleycrue;uid=poison;pwd=warrant;"/>
</connectionStrings>

<membership defaultProvider="MySQLProvider">
  <providers>
    <add name="MySQLProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,
               PublicKeyToken=b03f4a8e571d503a" connectionStringName="GlamRock" enablePasswordRetrieval="false"
               enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false"
               passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
  </providers>
</membership>

Or if you want to make your own provider you can easily do that too. Again, in web.config you add:

<membership defaultProvider="Simple">
  <providers>
    <add name="Simple" type="SimpleMembershipProvider, App_Code"/>
  </providers>
</membership>

Then add a new class declaration for SimpleMembershipProvider under App_Code, override ValidateUser and put your super complex code in it:

public class SimpleMembershipProvider : MembershipProvider
{
  public SimpleMembershipProvider()
  {
  }

  public override bool ValidateUser(string username, string password)
  {
    return (username == "mike" && password == "foo");
  }

…and of course you need to define all the rest of the abstract functions from the MembershipProvider base class. If you want to read in a flat file with all the account info you can do that or maybe read in a file that’s been encrypted with .NET’s encryption mechanism and then decrypt it. It’s really up to you. Although, I’m awfully fond of my implementation up above…