See Also: Membership Members
The System.Web.Security.Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and e-mail addresses. The System.Web.Security.Membership class can be used on its own, or in conjunction with the System.Web.Security.FormsAuthentication to create a complete system for authenticating users of a Web application or site. The System.Web.UI.WebControls.Login control encapsulates the System.Web.Security.Membership class to provide a convenient mechanism for validating users.
If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. For a list of other topics related to membership, see Managing Users By Using Membership.
The System.Web.Security.Membership class provides facilities for:
Creating new users.
Storing membership information (user names, passwords, e-mail addresses, and supporting data) in Microsoft SQL Server or in an alternative data store.
Authenticating users who visit your site. You can authenticate users programmatically, or you can use the System.Web.UI.WebControls.Login control to create a complete authentication system that requires little or no code.
Managing passwords, which includes creating, changing, retrieving, and resetting them, and so on. You can optionally configure ASP.NET membership to require a password question and answer to authenticate password reset or retrieval requests for users that have forgotten their password.
Although ASP.NET membership is a self-standing feature in ASP.NET For authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. Membership can also be integrated with the ASP.NET user System.Web.Profile to provide application-specific customization that can be tailored to individual users. For details, see Understanding ASP.NET Role Management and Understanding ASP.NET Profile Properties.
The System.Web.Security.Membership class relies on membership providers to communicate with a data source. The .NET Framework includes a System.Web.Security.SqlMembershipProvider, which stores user information in a Microsoft SQL Server database, and an System.Web.Security.ActiveDirectoryMembershipProvider, which enables you to store user information on an Active Directory or Active Directory Application Mode (ADAM) server. You can also implement a custom membership provider to communicate with an alternative data source that can be used by the System.Web.Security.Membership class. Custom membership providers inherit the System.Web.Security.MembershipProvider abstract class. For more information, see Implementing a Membership Provider.
By default, ASP.NET membership is enabled for all ASP.NET applications. The default membership provider is the System.Web.Security.SqlMembershipProvider and is specified in the machine configuration with the name AspNetSqlProvider. The default instance of the System.Web.Security.SqlMembershipProvider is configured to connect to a local instance of Microsoft SQL Server.
You can modify the default settings to specify a System.Web.Security.SqlMembershipProvider other than the AspNetSqlProvider instance as the default provider, or specify an instance of a custom provider as the default provider for your ASP.NET application using the Web.config file. You can specify the ASP.NET membership configuration for your Web application using the membership configuration section in the Web.config file. You can use the providers subsection of the membership section to specify a membership provider other than one of the default providers. For example, the following membership section removes the default membership providers from the current application configuration and adds a new provider with a name of SqlProvider that connects to a SQL Server instance named AspSqlServer.
Example
<configuration> <connectionStrings> <add name="SqlServices" connectionString="Data Source=AspSqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" /> </connectionStrings> <system.web> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20"> <providers> <remove name="AspNetSqlProvider" /> <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SqlServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" /> </providers> </membership> </system.web> </configuration>