MembershipUser Class


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Exposes and updates membership user information in the membership data store.

Namespace:   System.Web.Security
Assembly:  System.Web.ApplicationServices (in System.Web.ApplicationServices.dll)

public class MembershipUser


Creates a new instance of a MembershipUser object for a class that inherits the MembershipUser class.

System_CAPS_pubmethodMembershipUser(String, String, Object, String, String, String, Boolean, Boolean, DateTime, DateTime, DateTime, DateTime, DateTime)

Creates a new membership user object with the specified property values.


Gets or sets application-specific information for the membership user.


Gets the date and time when the user was added to the membership data store.


Gets or sets the e-mail address for the membership user.


Gets or sets whether the membership user can be authenticated.


Gets a value indicating whether the membership user is locked out and unable to be validated.


Gets whether the user is currently online.


Gets or sets the date and time when the membership user was last authenticated or accessed the application.


Gets the most recent date and time that the membership user was locked out.


Gets or sets the date and time when the user was last authenticated.


Gets the date and time when the membership user's password was last updated.


Gets the password question for the membership user.


Gets the name of the membership provider that stores and retrieves user information for the membership user.


Gets the user identifier from the membership data source for the user.


Gets the logon name of the membership user.

System_CAPS_pubmethodChangePassword(String, String)

Updates the password for the membership user in the membership data store.

System_CAPS_pubmethodChangePasswordQuestionAndAnswer(String, String, String)

Updates the password question and answer for the membership user in the membership data store.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the password for the membership user from the membership data store.


Gets the password for the membership user from the membership data store.


Gets the Type of the current instance.(Inherited from Object.)


Creates a shallow copy of the current Object.(Inherited from Object.)


Resets a user's password to a new, automatically generated password.


Resets a user's password to a new, automatically generated password.


Returns the user name for the membership user.(Overrides Object.ToString().)


Clears the locked-out state of the user so that the membership user can be validated.

The MembershipUser object is used to represent a single membership user in the membership data store. It exposes information about the membership user such as the e-mail address, and provides functionality for the membership user such as the ability to change or reset his or her password.


If you are not familiar with the membership features of ASP.NET, see Introduction to Membership before continuing. For a list of other topics related to membership, see Managing Users by Using Membership.

A MembershipUser object is returned by the GetUser and CreateUser methods or as part of a MembershipUserCollection returned by the GetAllUsers, FindUsersByName, and FindUsersByEmail methods.

A MembershipUser object is required by the UpdateUser method when you want to update the information for an existing membership user.

The following code example updates the e-mail address for a user.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

MembershipUser u;

public void Page_Load(object sender, EventArgs args)
  u = Membership.GetUser(User.Identity.Name);

  if (!IsPostBack)
    EmailTextBox.Text = u.Email; 

public void UpdateEmailButton_OnClick(object sender, EventArgs args)
    u.Email = EmailTextBox.Text;


    Msg.Text = "User e-mail updated.";
  catch (System.Configuration.Provider.ProviderException e)
    Msg.Text = e.Message;

<html xmlns="" >
<title>Sample: Update User E-Mail</title>

<form id="form1" runat="server">
  <h3>Update E-Mail Address for <%=User.Identity.Name%></h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table cellpadding="3" border="0">
      <td>E-mail Address:</td>
      <td><asp:TextBox id="EmailTextBox" MaxLength="128" Columns="30" runat="server" /></td>
      <td><asp:RequiredFieldValidator id="EmailRequiredValidator" runat="server"
                                    ControlToValidate="EmailTextBox" ForeColor="red"
                                    Display="Static" ErrorMessage="Required" /></td>
      <td><asp:Button id="UpdateEmailButton" 
                      Text="Update E-mail" 
                      runat="server" /></td>


.NET Framework
Available since 2.0

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top