The membership API is designed to work completely independently from its underlying data store.You can work with the controls provided by ASP.NET as well as the Membership class. The Membership class provides you with a set of static methods and static properties for programmatically accessing users and roles of the store. These methods work with a membership provider which implements the access to the underlying data store. All membership API-related classes are placed in the System.Web.Security namespace and the next table lists and describes these classes.

Component Description

The Membership class is the primary point of interaction with the membership API. It provides methods for managing users, validating users, and resetting user passwords.


An exception is thrown if an error occurs when you try to create a user through the Membership class.


Represents a single user stored in a membership API credential store. This object contains all information about this user and is returned through several methods of the Membership class, such as GetUser.


A collection of membership users. For example, you can use, the GetAllUsers method of the Membership class returns an instance of this collection.


This is the base class that you derive from if you want to create a custom membership provider that authenticates users against your custom credential store.


A collection of available membership providers on the machine and for this web application.


An implementation of the MembershipProvider class that works with SQL Server databases.


An implementation of the MembershipProvider class that works with Active Directory.


This class inherits all the functionality from MembershipUser and adds some Active Directory-specific properties.


1. ASP.NET ships with a membership provider for SQL Server and Active Directory. If you want to extend the infrastructure you can develop your own membership provider, which is a class that inherits from System.Web.Security.MembershipProvider. You configure membership providers primarily through your web.config configuration file, which includes a <membership /> section.

2. The membership API is just used for managing and authenticating users. It does not implement any authorization functionality and doesn’t provide you with functionality for managing user roles. For this purpose, you have to use the roles API.