I'll preface this by saying: I don't really understand how membership providers work in ASP.NET, and I'm trying to understand them better.
I just created a new MVC3 solution in VS2010. I can run it within ASP.NET's development server, and it works great - really cool. But what I'm a little confused about is just how forms authentication is working within the ASP.NET development server.
Consider the stock version of AccountController.cs:
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
if (ModelState.IsValid)
{
if (Membership.ValidateUser(model.UserName, model.Password))
{
FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
&& !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
}
}
It uses the Membership class to validate usernames and passwords that are registered through the MVC3 website. That's great, I get it, but... how exactly does this work? Especially within the ASP.NET development server?
Is there a database I can somehow open and look and see what test info I've entered? Where is it?
Like I said, I don't really understand how this works - and if I can't figure it out for the ASP.NET development server, then I certainly won't be able to figure it out in IIS. I've read through Microsoft's Introduction to Membership documentation, but I don't feel it really does a good job at explaining how this is working at a lower level; it seems to just say that membership is "built-in" - ok, that's cool, but there has to be more to the story than that, right?
