Expand Minimize

System.Web.Security Namespace

The System.Web.Security namespace contains classes that are used to implement ASP.NET security in Web server applications.

The Membership class is used by ASP.NET applications to validate user credentials and manage user settings such as passwords and e-mail addresses. The Roles class enables you to manage authorization for your application based on groups of users assigned to roles in the Web application.

Both the Membership class and the Roles class work with providers, classes that access your application's data store to retrieve membership and role information. Membership and role information can be stored in a Microsoft SQL Server database using the SqlMembershipProvider and SqlRoleProvider classes; in an Active Directory using the ActiveDirectoryMembershipProvider and AuthorizationStoreRoleProvider classes, or in a custom data source using implementations of the MembershipProvider and RoleProvider classes.

You configure ASP.NET membership using the membership Element (ASP.NET Settings Schema). When an application using membership is accessed, ASP.NET creates an instance of the Membership class that you can use to query membership information. Provider-specific implementations of the MembershipUser class contain information about the user accessing the page. You can create custom implementations of the MembershipUser class for your application.

You configure ASP.NET roles using the roleManager Element (ASP.NET Settings Schema). ASP.NET creates an instance of the Roles class that contains information about the role membership of the current user.

ASP.NET provides server controls that interact with the Membership class and the Roles class. The Login, CreateUserWizard, and ChangePassword controls work with the Membership class to simplify creating an authenticated Web application, and the LoginView control uses role-specific templates to customize Web pages for specific groups of users.

  Class Description
Public class ActiveDirectoryMembershipProvider Manages storage of membership information for an ASP.NET application in Active Directory and Active Directory Application Mode servers.
Public class ActiveDirectoryMembershipUser Exposes and updates membership user information stored in an Active Directory data store.
Public class AnonymousIdentificationEventArgs Provides data for the AnonymousIdentification_Creating event. This class cannot be inherited.
Public class AnonymousIdentificationModule Manages anonymous identifiers for the ASP.NET application.
Public class AuthorizationStoreRoleProvider Manages storage of role-membership information for an ASP.NET application in an authorization-manager policy store, either in an XML file, in an Active Directory, or on an Active Directory Application Mode server.
Public class DefaultAuthenticationEventArgs Provides data for the DefaultAuthentication_OnAuthenticate event. This class cannot be inherited.
Public class DefaultAuthenticationModule Ensures that an authentication object is present in the context. This class cannot be inherited.
Public class FileAuthorizationModule Verifies that the user has permission to access the file requested. This class cannot be inherited.
Public class FormsAuthentication Manages forms-authentication services for Web applications. This class cannot be inherited.
Public class FormsAuthenticationEventArgs Provides data for the FormsAuthentication_OnAuthenticate event. This class cannot be inherited.
Public class FormsAuthenticationModule Sets the identity of the user for an ASP.NET application when forms authentication is enabled. This class cannot be inherited.
Public class FormsAuthenticationTicket Provides access to properties and values of the ticket used with forms authentication to identify users. This class cannot be inherited.
Public class FormsIdentity Represents a user identity authenticated using forms authentication. This class cannot be inherited.
Public class MachineKey Provides a way to encrypt or hash data (or both) by using the same algorithms and key values that are used for ASP.NET forms authentication and view state.
Public class Membership Validates user credentials and manages user settings. This class cannot be inherited.
Public class MembershipCreateUserException The exception that is thrown when a user is not successfully created by a membership provider.
Public class MembershipPasswordAttribute Validates whether a password field meets the current password requirements for the membership provider.
Public class MembershipPasswordException The exception that is thrown when a password cannot be retrieved from the password store.
Public class MembershipProvider Defines the contract that ASP.NET implements to provide membership services using custom membership providers.
Public class MembershipProviderCollection A collection of objects that inherit the MembershipProvider abstract class.
Public class MembershipUser Exposes and updates membership user information in the membership data store.
Public class MembershipUserCollection A collection of MembershipUser objects.
Public class PassportAuthenticationEventArgs Obsolete. The event argument passed to the Authenticate event by a PassportAuthenticationModule. Since there is already an identity at this point, this is useful mainly for attaching a custom IPrincipal object to the context using the supplied identity. This class is deprecated.
Public class PassportAuthenticationModule Obsolete. Provides a wrapper around Passport Authentication services. This class cannot be inherited. This class is deprecated.
Public class PassportIdentity Obsolete. Provides a class to be used by PassportAuthenticationModule. It provides a way for an application to access the Ticket method. This class cannot be inherited. This class is deprecated.
Public class PassportPrincipal Obsolete. Represents a Passport-authenticated principal. This class is deprecated.
Public class RoleManagerEventArgs Provides event data for the GetRoles event of the RoleManagerModule class.
Public class RoleManagerModule Manages a RolePrincipal instance for the current user. This class cannot be inherited.
Public class RolePrincipal Represents security information for the current HTTP request, including role membership. This class cannot be inherited.
Public class RoleProvider Defines the contract that ASP.NET implements to provide role-management services using custom role providers.
Public class RoleProviderCollection A collection of objects that inherit the RoleProvider abstract class.
Public class Roles Manages user membership in roles for authorization checking in an ASP.NET application. This class cannot be inherited.
Public class SqlMembershipProvider Manages storage of membership information for an ASP.NET application in a SQL Server database.
Public class SqlRoleProvider Manages storage of role membership information for an ASP.NET application in a SQL Server database.
Public class UrlAuthorizationModule Verifies that the user has permission to access the URL requested. This class cannot be inherited.
Public class ValidatePasswordEventArgs Provides event data for the ValidatingPassword event of the MembershipProvider class.
Public class WindowsAuthenticationEventArgs Provides data for the WindowsAuthentication_OnAuthenticate event. This class cannot be inherited.
Public class WindowsAuthenticationModule Sets the identity of the user for an ASP.NET application when Windows authentication is enabled. This class cannot be inherited.
Public class WindowsTokenRoleProvider Gets role information for an ASP.NET application from Windows group membership.

  Delegate Description
Public delegate AnonymousIdentificationEventHandler Represents the method that handles the AnonymousIdentification_Creating event of a AnonymousIdentificationModule.
Public delegate DefaultAuthenticationEventHandler Represents the method that handles the DefaultAuthentication_OnAuthenticate event of a DefaultAuthenticationModule.
Public delegate FormsAuthenticationEventHandler Represents the method that handles the FormsAuthentication_OnAuthenticate event of a FormsAuthenticationModule.
Public delegate MembershipValidatePasswordEventHandler Represents the method that will handle the ValidatingPassword event of the MembershipProvider class.
Public delegate PassportAuthenticationEventHandler Obsolete. Represents the method that handles the PassportAuthentication_OnAuthenticate event of a PassportAuthenticationModule. This class is deprecated.
Public delegate RoleManagerEventHandler Defines the delegate for the GetRoles event of the RoleManagerModule class.
Public delegate WindowsAuthenticationEventHandler Represents the method that handles the WindowsAuthentication_OnAuthenticate event of a WindowsAuthenticationModule.

  Enumeration Description
Public enumeration ActiveDirectoryConnectionProtection Specifies the connection protection options supported by the ActiveDirectoryMembershipProvider class.
Public enumeration CookieProtection Describes how information in a cookie is protected.
Public enumeration MachineKeyProtection Specifies values that indicates whether data should be encrypted or decrypted, whether a hash-based message authentication code (HMAC) should be appended or validated, or both.
Public enumeration MembershipCreateStatus Describes the result of a CreateUser operation.
Public enumeration MembershipPasswordFormat Describes the encryption format for storing passwords for membership users.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft