Duncan,

I use FormsAuthentication against SqlServer for RegexLib.com. I use it to authenticate the owners of patterns via direct website access as well as via webservice access.

Basically, in a WebService scenario I pass AuthenticationTickets around.

I'm not sure if you've seen it or not, but here's a great article about using Forms Authentication with SQL Server 2000. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT03.asp

Yes
Yes
Forms Auth
ID'ing anyone permitted to add/edit content*

* - works great for stopping comment spam. Stops comments too, but that's besides the point. Allows just me to update the photo album, or a friend to update the news if they ever want to. Lets me edit pages from anywhere, etc.

I use FormsAuthentication against a SqlServer for my sites. I simply store the hashed password so there is no risk of plain text sniffing. I have found there to be too many spiders that just crawl around leeching up every bit of content for redistribution.

I know several people who host code examples that have added free registrations to protect their code from automated leeching.

I put some simple protection on my personal site to guard some mildly personal pictures.

What I did was use a simple form combined with a few lines of ASP to verify against a hard coded password. The password was a combination of my birthdate & middle name and that's clearly stated at the login. I used those things cause it's stuff only the family and close friends would know offhand.

It offers all the protection I needed and it literally took all of ten minutes to make.

I use forms authentication against SQL Server too. I basically use it for permissions for content management right now, but I think I'll soon show certain content only to select individuals. I doesn't hurt, you can always give people the option to remain anonymous.