Forms authentication is amazingly simple in ASP.NET 2.0. Not only does it manage user credentials and roles for you, it also provides controls for logging in, creating new users, e-mailing lost passwords, and more. It even maps requests to roles, something that required some non-trivial coding in ASP.NET 1.x.

Here’s a tip to make life easier with the new LoginStatus control. I set its LogoutPageUrl property to my home page so users would be redirected back to the home page after logging out. It didn’t work. At first I figured it was a bug in beta 1, but then I found the LogoutAction property. I set LogoutAction=“Redirect“ and lo and behold, clicking the Logout link sent me right back to the home page. Moral: LogoutPageUrl is only meaningful if LogoutAction=”Redirect.” Case closed!