I asked Imar a question . here it is and here is his answers:
In the web site I building I have a customers tables where I have login and password
The web is designed to not let new user create account and login
People who need to login get the user and password from our customers service.
So I wanted to know what is the best way to handle this, because I don’t think I need to use the Role and Membership objects and also the aspnetdb to control the users.
I just want to check against my table and keep a session variables (or profile) for the user
(Customer id and name).
Is there a way to do that nice and easy?
Do I need to set form authentication mode? Set the session timeout? Where to check the user and password against my DB (customer table) – in the Login1_Authenticate event?
Or am I completely wrong here?
1. Why wouldn’t you use MemberShip and Roles? Your admins can use the same controls to create accounts for others. Why complicate matters and roll your own solution?
2. In that case, you could try building your own provider: http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=404
The article explains how to use Microsoft Access, but it contains a link to the SQL Server version of the full source code. Not an easy thing to do, though.
If all you need to do is authenticate, you can use FormsAuthentication (http://www.google.com/search?hl=en&q...&aqi=g-sx1&oq=
) and target your own database.
many thanks to Imar