I need to quickly wrap some security around an existing ASP.Net 2.0 web app. After thinking about it for a moment, I remembered that Microsoft created that Membership and Roles paradigm a couple of years back, and that Visual Studio could essentially create everything for you.

Thus I forged forward using the built in ASP.Net Web Site Administration Tool and created a simple little security framework around the application. After setting all of the options, Visual Studio created a nice little SQL Express DB called ASPNETDB.MDF right under the newly created App_Data directory of my website. This works great until you deploy it.

After trying to push this app to my DEV server I realized that it’s not going to work unless you have SQL Express installed on the hosting machine. Worse yet, I figured that there’s essentially no way this would work under a load balanced environment considering the DB itself will only be isolated to one of the N nodes.

Rather than work to script out the DB and shove it into my existing SQL box…I figured I’d ask the StackOverflow if there is a better solution for simple yet secure ASP.Net websites.

I’d love to maintain the existing model yet have the database become a local, or flat-file DB baked right into the application. For the time being I’m even fine with deploying the flat file with each user or role change to counteract the load balanced sites in PROD.

Is there not a way to create some sort of similar setup with a flat file? I thought that was the point of the App_Data folder?