9 out of 16 rated this helpful - Rate this topic

Membership Class

.NET Framework 2.0

Other Versions

Note: This class is new in the .NET Framework version 2.0.

Validates user credentials and manages user settings. This class cannot be inherited.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

Syntax

C++

Copy

public static class Membership

Copy

public final class Membership

JScript

Copy

public final class Membership

Remarks

The Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and e-mail addresses. The Membership class can be used on its own, or in conjunction with the FormsAuthentication to create a complete system for authenticating users of a Web application or site. The Login control encapsulates the Membership class to provide a convenient mechanism for validating users.

The Membership class provides facilities for:

Creating new users.
Storing membership information (user names, passwords, e-mail addresses, and supporting data) in Microsoft SQL Server or in an alternative data store.
Authenticating users who visit your site. You can authenticate users programmatically, or you can use the Login control to create a complete authentication system that requires little or no code.
Managing passwords, which includes creating, changing, retrieving, and resetting them, and so on. You can optionally configure ASP.NET membership to require a password question and answer to authenticate password reset or retrieval requests for users that have forgotten their password.

Although ASP.NET membership is a self-standing feature in ASP.NET For authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. Membership can also be integrated with the ASP.NET user System.Web.Profile to provide application-specific customization that can be tailored to individual users. For details, see Understanding Role Management and ASP.NET Profile Properties Overview.

The Membership class relies on membership providers to communicate with a data source. The .NET Framework includes a SqlMembershipProvider, which stores user information in a Microsoft SQL Server database, and an ActiveDirectoryMembershipProvider, which enables you to store user information on an Active Directory or Active Directory Application Mode (ADAM) server. You can also implement a custom membership provider to communicate with an alternative data source that can be used by the Membership class. Custom membership providers inherit the MembershipProvider abstract class. For more information, see Implementing a Membership Provider.

By default, ASP.NET membership is enabled for all ASP.NET applications. The default membership provider is the SqlMembershipProvider and is specified in the machine configuration with the name AspNetSqlProvider. The default instance of the SqlMembershipProvider is configured to connect to a local instance of Microsoft SQL Server.

You can modify the default settings to specify a SqlMembershipProvider other than the AspNetSqlProvider instance as the default provider, or specify an instance of a custom provider as the default provider for your ASP.NET application using the Web.config file. You can specify the ASP.NET membership configuration for your Web application using the membership configuration section in the Web.config file. You can use the providers subsection of the membership section to specify a membership provider other than one of the default providers. For example, the following membership section removes the default membership providers from the current application configuration and adds a new provider with a name of SqlProvider that connects to a SQL Server instance named MySqlServer.

Copy

<configuration>
  <connectionStrings>
    <add name="SqlServices" connectionString="Data Source=MySqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
      <providers>
        <remove name="AspNetSqlProvider" />
        <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="SqlServices"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          passwordFormat="Hashed"
          applicationName="/" />
      </providers>
    </membership>
  </system.web>
</configuration>

Example

The following code example shows the login page for an ASP.NET application configured to use forms authentication and ASP.NET membership. If the supplied user credentials are invalid, a message is displayed to the user. Otherwise, the user is redirected to the originally requested URL using the RedirectFromLoginPage.

Note
The ASP.NET login controls (Login, LoginView, LoginStatus, LoginName, and PasswordRecovery) encapsulate virtually all of the logic required to prompt users for credentials and validate the credentials in the membership system and can be used in place of programmatic checking using the Membership class.

Copy

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html>
<head>
  <title>Login</title>
</head>
<body>

<form runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><P>

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><BR>
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><BR>
 
  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> Check here if this is <u>not</u> a public computer.

</form>

</body>
</html>

.NET Framework Security

AspNetHostingPermission for using the Membership class in a hosted environment. Demand value: LinkDemand. Permission value: Minimal.

Inheritance Hierarchy

System.Object
System.Web.Security.Membership

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 98, Windows 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0

Reference

Membership Members
System.Web.Security Namespace

Other Resources

Introduction to Membership

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ

Using the ASP.NET membership provider in a Windows forms application

Even though the membership provider is designed for use in a web application it is not limited to them. The following article shows how to use the membership provider in a Windows applications: http://www.TheProblemSolver.nl/UsingTheMembershipProviderInWinforms.htm.

History

3/6/2006
Maurice de Beijer - DevelopMentor