I am developing a membership type web site that will eventually be hosted by a third party, probably Godaddy. So far, it works very well on my development machine, but I am confused about how the security portion including roles, etc. should be deployed. I think I am getting two different versions of deployment from my search into the forums. One solution says that I can change my web.config, upload the site to the hosting machine and then enjoy the fruits of my labor. If that is true then I have other questions like, "How would I then maintain membership and roles using the ASP.NET configuration tool?".
The other solution says that I have to create special admin pages (and code) for use on the hosting machine. This is what a Godaddy support person told me, but I am not so sure that he really knows ASP.NET that well. If this second solution is correct then I don't have a clue about how to go about developing and implementing it. Don't get me wrong. I have been a developer for many, many years in different languages and on different platforms, but I'm still a novice at ASP.NET. So I can do whatever is necessary once I have the appropriate information. I guess the bottom line is that I have not seen any definitive documentation, books, white papers or whatever that addresses this issue. It seems like every post or article that I have read really talks around this subject but does not give enough specifics.
So which approach is correct, and where can I find good documentation on how to do it?