Membership Class
TOC
Collapse the table of content
Expand the table of content

Membership Class

 

Validates user credentials and manages user settings. This class cannot be inherited.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

System.Object
  System.Web.Security.Membership

public static class Membership

NameDescription
System_CAPS_pubpropertySystem_CAPS_staticApplicationName

Gets or sets the name of the application.

System_CAPS_pubpropertySystem_CAPS_staticEnablePasswordReset

Gets a value indicating whether the current membership provider is configured to allow users to reset their passwords.

System_CAPS_pubpropertySystem_CAPS_staticEnablePasswordRetrieval

Gets a value indicating whether the current membership provider is configured to allow users to retrieve their passwords.

System_CAPS_pubpropertySystem_CAPS_staticHashAlgorithmType

The identifier of the algorithm used to hash passwords.

System_CAPS_pubpropertySystem_CAPS_staticMaxInvalidPasswordAttempts

Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

System_CAPS_pubpropertySystem_CAPS_staticMinRequiredNonAlphanumericCharacters

Gets the minimum number of special characters that must be present in a valid password.

System_CAPS_pubpropertySystem_CAPS_staticMinRequiredPasswordLength

Gets the minimum length required for a password.

System_CAPS_pubpropertySystem_CAPS_staticPasswordAttemptWindow

Gets the time window between which consecutive failed attempts to provide a valid password or password answer are tracked.

System_CAPS_pubpropertySystem_CAPS_staticPasswordStrengthRegularExpression

Gets the regular expression used to evaluate a password.

System_CAPS_pubpropertySystem_CAPS_staticProvider

Gets a reference to the default membership provider for the application.

System_CAPS_pubpropertySystem_CAPS_staticProviders

Gets a collection of the membership providers for the ASP.NET application.

System_CAPS_pubpropertySystem_CAPS_staticRequiresQuestionAndAnswer

Gets a value indicating whether the default membership provider requires the user to answer a password question for password reset and retrieval.

System_CAPS_pubpropertySystem_CAPS_staticUserIsOnlineTimeWindow

Specifies the number of minutes after the last-activity date/time stamp for a user during which the user is considered online.

NameDescription
System_CAPS_pubmethodSystem_CAPS_staticCreateUser(String, String)

Adds a new user to the data store.

System_CAPS_pubmethodSystem_CAPS_staticCreateUser(String, String, String)

Adds a new user with a specified e-mail address to the data store.

System_CAPS_pubmethodSystem_CAPS_staticCreateUser(String, String, String, String, String, Boolean, MembershipCreateStatus)

Adds a new user with specified property values to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

System_CAPS_pubmethodSystem_CAPS_staticCreateUser(String, String, String, String, String, Boolean, Object, MembershipCreateStatus)

Adds a new user with specified property values and a unique identifier to the data store and returns a status parameter indicating that the user was successfully created or the reason the user creation failed.

System_CAPS_pubmethodSystem_CAPS_staticDeleteUser(String)

Deletes a user and any related user data from the database.

System_CAPS_pubmethodSystem_CAPS_staticDeleteUser(String, Boolean)

Deletes a user from the database.

System_CAPS_pubmethodSystem_CAPS_staticFindUsersByEmail(String)

Gets a collection of membership users where the e-mail address contains the specified e-mail address to match.

System_CAPS_pubmethodSystem_CAPS_staticFindUsersByEmail(String, Int32, Int32, Int32)

Gets a collection of membership users, in a page of data, where the e-mail address contains the specified e-mail address to match.

System_CAPS_pubmethodSystem_CAPS_staticFindUsersByName(String)

Gets a collection of membership users where the user name contains the specified user name to match.

System_CAPS_pubmethodSystem_CAPS_staticFindUsersByName(String, Int32, Int32, Int32)

Gets a collection of membership users, in a page of data, where the user name contains the specified user name to match.

System_CAPS_pubmethodSystem_CAPS_staticGeneratePassword(Int32, Int32)

Generates a random password of the specified length.

System_CAPS_pubmethodSystem_CAPS_staticGetAllUsers()

Gets a collection of all the users in the database.

System_CAPS_pubmethodSystem_CAPS_staticGetAllUsers(Int32, Int32, Int32)

Gets a collection of all the users in the database in pages of data.

System_CAPS_pubmethodSystem_CAPS_staticGetNumberOfUsersOnline()

Gets the number of users currently accessing an application.

System_CAPS_pubmethodSystem_CAPS_staticGetUser()

Gets the information from the data source and updates the last-activity date/time stamp for the current logged-on membership user.

System_CAPS_pubmethodSystem_CAPS_staticGetUser(Boolean)

Gets the information from the data source for the current logged-on membership user. Updates the last-activity date/time stamp for the current logged-on membership user, if specified.

System_CAPS_pubmethodSystem_CAPS_staticGetUser(Object)

Gets the information from the data source for the membership user associated with the specified unique identifier.

System_CAPS_pubmethodSystem_CAPS_staticGetUser(Object, Boolean)

Gets the information from the data source for the membership user associated with the specified unique identifier. Updates the last-activity date/time stamp for the user, if specified.

System_CAPS_pubmethodSystem_CAPS_staticGetUser(String)

Gets the information from the data source for the specified membership user.

System_CAPS_pubmethodSystem_CAPS_staticGetUser(String, Boolean)

Gets the information from the data source for the specified membership user. Updates the last-activity date/time stamp for the user, if specified.

System_CAPS_pubmethodSystem_CAPS_staticGetUserNameByEmail(String)

Gets a user name where the e-mail address for the user matches the specified e-mail address.

System_CAPS_pubmethodSystem_CAPS_staticUpdateUser(MembershipUser)

Updates the database with the information for the specified user.

System_CAPS_pubmethodSystem_CAPS_staticValidateUser(String, String)

Verifies that the supplied user name and password are valid.

NameDescription
System_CAPS_pubeventSystem_CAPS_staticValidatingPassword

Occurs when a user is created, a password is changed, or a password is reset.

The Membership class is used in ASP.NET applications to validate user credentials and manage user settings such as passwords and e-mail addresses. The Membership class can be used on its own, or in conjunction with the FormsAuthentication to create a complete system for authenticating users of a Web application or site. The Login control encapsulates the Membership class to provide a convenient mechanism for validating users.

System_CAPS_noteNote

If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. For a list of other topics related to membership, see Managing Users by Using Membership.

The Membership class provides facilities for:

  • Creating new users.

  • Storing membership information (user names, passwords, e-mail addresses, and supporting data) in Microsoft SQL Server or in an alternative data store.

  • Authenticating users who visit your site. You can authenticate users programmatically, or you can use the Login control to create a complete authentication system that requires little or no code.

  • Managing passwords, which includes creating, changing, retrieving, and resetting them, and so on. You can optionally configure ASP.NET membership to require a password question and answer to authenticate password reset or retrieval requests for users that have forgotten their password.

Although ASP.NET membership is a self-standing feature in ASP.NET For authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. Membership can also be integrated with the ASP.NET user System.Web.Profile to provide application-specific customization that can be tailored to individual users. For details, see Understanding Role Management and ASP.NET Profile Properties Overview.

The Membership class relies on membership providers to communicate with a data source. The .NET Framework includes a SqlMembershipProvider, which stores user information in a Microsoft SQL Server database, and an ActiveDirectoryMembershipProvider, which enables you to store user information on an Active Directory or Active Directory Application Mode (ADAM) server. You can also implement a custom membership provider to communicate with an alternative data source that can be used by the Membership class. Custom membership providers inherit the MembershipProvider abstract class. For more information, see Implementing a Membership Provider.

By default, ASP.NET membership is enabled for all ASP.NET applications. The default membership provider is the SqlMembershipProvider and is specified in the machine configuration with the name AspNetSqlProvider. The default instance of the SqlMembershipProvider is configured to connect to a local instance of Microsoft SQL Server.

You can modify the default settings to specify a SqlMembershipProvider other than the AspNetSqlProvider instance as the default provider, or specify an instance of a custom provider as the default provider for your ASP.NET application using the Web.config file. You can specify the ASP.NET membership configuration for your Web application using the configuration section in the Web.config file. You can use the providers subsection of the section to specify a membership provider other than one of the default providers. For example, the following section removes the default membership providers from the current application configuration and adds a new provider with a name of SqlProvider that connects to a SQL Server instance named AspSqlServer.

<configuration>
  <connectionStrings>
    <add name="SqlServices" connectionString="Data Source=AspSqlServer;Integrated Security=SSPI;Initial Catalog=aspnetdb;" />
  </connectionStrings>
  <system.web>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
      <providers>
        <remove name="AspNetSqlProvider" />
        <add name="SqlProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="SqlServices"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          passwordFormat="Hashed"
          applicationName="/" />
      </providers>
    </membership>
  </system.web>
</configuration>

The following code example shows the login page for an ASP.NET application configured to use forms authentication and ASP.NET membership. If the supplied user credentials are invalid, a message is displayed to the user. Otherwise, the user is redirected to the originally requested URL using the RedirectFromLoginPage method.

System_CAPS_noteNote

The ASP.NET login controls (Login, LoginView, LoginStatus, LoginName, and PasswordRecovery) encapsulate virtually all of the logic required to prompt users for credentials and validate the credentials in the membership system and can be used in place of programmatic checking using the Membership class.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

public void Login_OnClick(object sender, EventArgs args)
{
   if (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text))
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked);
   else
     Msg.Text = "Login failed. Please check your user name and password and try again.";
}


</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
  <title>Login</title>
</head>
<body>

<form id="form1" runat="server">
  <h3>Login</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />

  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.

</form>

</body>
</html>

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show:
© 2016 Microsoft