The System.Web.Security namespace contains classes that are used to implement ASP.NET security in Web server applications.
Remarks
The System.Web.Security.Membership class is used by ASP.NET applications to validate user credentials and manage user settings such as passwords and e-mail addresses. The System.Web.Security.Roles class enables you to manage authorization for your application based on groups of users assigned to roles in the Web application.
Both the System.Web.Security.Membership class and the System.Web.Security.Roles class work with providers, classes that access your application's data store to retrieve membership and role information. Membership and role information can be stored in a Microsoft SQL Server database using the System.Web.Security.SqlMembershipProvider and System.Web.Security.SqlRoleProvider classes; in an Active Directory using the System.Web.Security.ActiveDirectoryMembershipProvider and System.Web.Security.AuthorizationStoreRoleProvider classes, or in a custom data source using implementations of the System.Web.Security.MembershipProvider and System.Web.Security.RoleProvider classes.
You configure ASP.NET membership using the membership Element (ASP.NET Settings Schema). When an application using membership is accessed, ASP.NET creates an instance of the System.Web.Security.Membership class that you can use to query membership information. Provider-specific implementations of the System.Web.Security.MembershipUser class contain information about the user accessing the page. You can create custom implementations of the System.Web.Security.MembershipUser class for your application.
You configure ASP.NET roles using the roleManager Element (ASP.NET Settings Schema). ASP.NET creates an instance of the System.Web.Security.Roles class that contains information about the role membership of the current user.
ASP.NET provides server controls that interact with the System.Web.Security.Membership class and the System.Web.Security.Roles class. The System.Web.UI.WebControls.Login, System.Web.UI.WebControls.CreateUserWizard, and System.Web.UI.WebControls.ChangePassword controls work with the System.Web.Security.Membership class to simplify creating an authenticated Web application, and the System.Web.UI.WebControls.LoginView control uses role-specific templates to customize Web pages for specific groups of users.
Classes
| Type | Reason |
|---|---|
| ActiveDirectoryConnectionProtection |
Specifies the connection protection options supported by the System.Web.Security.ActiveDirectoryMembershipProvider class. |
| ActiveDirectoryMembershipProvider |
Manages storage of membership information for an ASP.NET application in Active Directory and Active Directory Application Mode servers. |
| AnonymousIdentificationEventArgs |
Provides data for the AnonymousIdentification_Creating event. This class cannot be inherited. |
| AnonymousIdentificationEventHandler |
Represents the method that handles the AnonymousIdentification_Creating event of a System.Web.Security.AnonymousIdentificationModule. |
| AnonymousIdentificationModule |
Manages anonymous identifiers for the ASP.NET application. |
| CookieProtection |
Describes how information in a cookie is protected. |
| DefaultAuthenticationEventArgs |
Provides data for the DefaultAuthentication_OnAuthenticate event. This class cannot be inherited. |
| DefaultAuthenticationEventHandler |
Represents the method that handles the DefaultAuthentication_OnAuthenticate event of a System.Web.Security.DefaultAuthenticationModule. |
| DefaultAuthenticationModule |
Ensures that an authentication object is present in the context. This class cannot be inherited. |
| FileAuthorizationModule |
Verifies that the user has permission to access the file requested. This class cannot be inherited. |
| FormsAuthentication |
Manages forms-authentication services for Web applications. This class cannot be inherited. |
| FormsAuthenticationEventArgs |
Provides data for the FormsAuthentication_OnAuthenticate event. This class cannot be inherited. |
| FormsAuthenticationEventHandler |
Represents the method that handles the FormsAuthentication_OnAuthenticate event of a System.Web.Security.FormsAuthenticationModule. |
| FormsAuthenticationModule |
Sets the identity of the user for an ASP.NET application when forms authentication is enabled. This class cannot be inherited. |
| FormsAuthenticationTicket |
Provides access to properties and values of the ticket used with forms authentication to identify users. This class cannot be inherited. |
| FormsIdentity |
Represents a user identity authenticated using forms authentication. This class cannot be inherited. |
| Membership |
Validates user credentials and manages user settings. This class cannot be inherited. |
| MembershipCreateStatus |
Describes the result of a System.Web.Security.Membership.CreateUser(string, string) operation. |
| MembershipCreateUserException |
The exception that is thrown when a user is not successfully created by a membership provider. |
| MembershipPasswordException |
The exception that is thrown when a password cannot be retrieved from the password store. |
| MembershipPasswordFormat |
Describes the encryption format for storing passwords for membership users. |
| MembershipProvider |
Defines the contract that ASP.NET implements to provide membership services using custom membership providers. |
| MembershipProviderCollection |
A collection of objects that inherit the System.Web.Security.MembershipProvider abstract class. |
| MembershipUser |
Exposes and updates membership user information in the membership data store. |
| MembershipUserCollection |
A collection of System.Web.Security.MembershipUser objects. |
| MembershipValidatePasswordEventHandler |
Represents the method that will handle the System.Web.Security.MembershipProvider.ValidatingPassword event of the System.Web.Security.MembershipProvider class. |
| PassportAuthenticationEventArgs |
The event argument passed to the System.Web.Security.PassportAuthenticationModule.Authenticate event by a System.Web.Security.PassportAuthenticationModule. Since there is already an identity at this point, this is useful mainly for attaching a custom System.Security.Principal.IPrincipal object to the context using the supplied identity. This class is deprecated. |
| PassportAuthenticationEventHandler |
Represents the method that handles the PassportAuthentication_OnAuthenticate event of a System.Web.Security.PassportAuthenticationModule. This class is deprecated. |
| PassportAuthenticationModule |
Provides a wrapper around Passport Authentication services. This class cannot be inherited. This class is deprecated. |
| PassportIdentity |
Provides a class to be used by System.Web.Security.PassportAuthenticationModule. It provides a way for an application to access the System.Web.Security.PassportIdentity.Ticket(string) method. This class cannot be inherited. This class is deprecated. |
| RoleManagerEventArgs |
Provides event data for the System.Web.Security.RoleManagerModule.GetRoles event of the System.Web.Security.RoleManagerModule class. |
| RoleManagerEventHandler |
Defines the delegate for the System.Web.Security.RoleManagerModule.GetRoles event of the System.Web.Security.RoleManagerModule class. |
| RoleManagerModule |
Manages a System.Web.Security.RolePrincipal instance for the current user. This class cannot be inherited. |
| RolePrincipal |
Represents security information for the current HTTP request, including role membership. This class cannot be inherited. |
| RoleProvider |
Defines the contract that ASP.NET implements to provide role-management services using custom role providers. |
| RoleProviderCollection |
A collection of objects that inherit the System.Web.Security.RoleProvider abstract class. |
| Roles |
Manages user membership in roles for authorization checking in an ASP.NET application. This class cannot be inherited. |
| SqlMembershipProvider |
Manages storage of membership information for an ASP.NET application in a SQL Server database. |
| SqlRoleProvider |
Manages storage of role membership information for an ASP.NET application in a SQL Server database. |
| UrlAuthorizationModule |
Verifies that the user has permission to access the URL requested. This class cannot be inherited. |
| ValidatePasswordEventArgs |
Provides event data for the System.Web.Security.MembershipProvider.ValidatingPassword event of the System.Web.Security.MembershipProvider class. |
| WindowsAuthenticationEventArgs |
Provides data for the WindowsAuthentication_OnAuthenticate event. This class cannot be inherited. |
| WindowsAuthenticationEventHandler |
Represents the method that handles the WindowsAuthentication_OnAuthenticate event of a System.Web.Security.WindowsAuthenticationModule. |
| WindowsAuthenticationModule |
Sets the identity of the user for an ASP.NET application when Windows authentication is enabled. This class cannot be inherited. |