How to create and authenticate users as a step of Membership API in ASP.NET in C#

You can create new users in your membership provider store, by launching the WAT. You have to select the Website->ASP.NET Web Configuration menu from within Visual Studio. Now you have to switch to the Security tab and select Create User, as shown in the next picture:
Creating users with the WAT in C#

Creating users with the WAT in C#

After you have created a couple of users, you can connect to the database through Visual Studio’s Server Explorer or with the SQL Server Management Studio, and look at the aspnet_Users and aspnet_Membership tables in the database, as shown in the next picture:
The aspnet_Users table in the membership database in C#

The aspnet_Users table in the membership database in C#

If you want to store passwords and answer for the password question as a salted hash in the database you have to select the passwordFormat=”Hashed” option for the provider in the <membership> configuration section. You can see the result of this option by opening the the aspnet_Membership table where these values are stored as you can see in the next picture:
The aspnet_Membership table with the password-hash and salt values in C#

The aspnet_Membership table with the password-hash and salt values in C#

After you have added users to the membership store, you can authenticate those users with the membership API. For that purpose, you have to create a login page that queries the user name and password from the user and then validates those credentials against the credential store, as follows:
protected void LoginAction_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(UsernameText.Text, PasswordText.Text))
{
FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, false);
}
else
{
LegendStatus.Text = “Invalid user name or password!”;
}
}
Note: You don’t need to know which provider is actually used by the application. You can use different membership provider by changing the configuration so that the membership API uses this different provider. Your application doesn’t know about any details of the underlying provider.