How to create and authenticate users as a step of Membership API in ASP.NET in VB.NET

You can create new users in your membership provider store, by launching the WAT. You have to select the Website->ASP.NET Web Configuration menu from within Visual Studio. Now you have to switch to the Security tab and select Create User, as shown in the next picture:
Creating users with the WAT in VB.NET

Creating users with the WAT in VB.NET

After you have created a couple of users, you can connect to the database through Visual Studio’s Server Explorer or with the SQL Server Management Studio, and look at the aspnet_Users and aspnet_Membership tables in the database, as shown in the next picture:
The aspnet_Users table in the membership database in VB.NET

The aspnet_Users table in the membership database in VB.NET

If you want to store passwords and answer for the password question as a salted hash in the database you have to select the passwordFormat=”Hashed” option for the provider in the <membership> configuration section. You can see the result of this option by opening the the aspnet_Membership table where these values are stored as you can see in the next picture:
The aspnet_Membership table with the password-hash and salt values in VB.NET

The aspnet_Membership table with the password-hash and salt values in VB.NET

After you have added users to the membership store, you can authenticate those users with the membership API. For that purpose, you have to create a login page that queries the user name and password from the user and then validates those credentials against the credential store, as follows:
Protected Sub LoginAction_Click(sender As Object, e As EventArgs) Handles LoginAction.Click
If Membership.ValidateUser(UsernameText.Text, PasswordText.Text) Then
FormsAuthentication.RedirectFromLoginPage(UsernameText.Text, False)
Else
LegendStatus.Text = “Invalid user name or password!”
End If
End Sub
Note: You don’t need to know which provider is actually used by the application. You can use different membership provider by changing the configuration so that the membership API uses this different provider. Your application doesn’t know about any details of the underlying provider.