Microsoft ASP.NET 2.0 shipped with a complete membership API that allows developers to manage the application's users and their roles. However, this API best suits small to medium web sites due to their limitation in expressing a detailed member record.
Fortunately, the Membership API is built on the provider model so you can extend it. You can use the technique discussed here to overcome this limitation and extend the Microsoft ASP.NET 2.0 Membership API to accommodate custom member records with a solution that works on top of the Membership API without requiring any change in the API.
If you're not already familiar with the provider model in ASP.NET 2.0, I highly recommend the following link: Provider Model in Depth.
ASP.NET Member and Role Management Overview
In the days of ASP.NET 1.x, managing an application's members and roles was a hectic job, especially when most of the middle and higher-level applications needed that kind of management. You would usually end up creating your own membership API to use in any application you were working on.
Microsoft ASP.NET 2.0 provides many new features, such as the Membership API, where you no longer need to worry about membership management in any application you develop. Microsoft built their Membership API upon the provider model. As with the other new features in ASP.NET 2.0, Microsoft integrated the Membership API into the .NET Framework and you can access all its objects and methods from one namespace reference, System.Web.Security.
The Membership API provides many ready-made features that you had always needed to build in ASP.NET 1.x and that took hundreds of lines of code to accomplish.
For example, the Membership API has the Login control. This control contains the username and password fields used to authenticate every user who tries to access a secure area inside the web application. In ASP.NET 1.x, you had to add this control to each application you developed. You would end up creating a User control or a Server control so you would not need to repeat your work again and again.
ASP.NET 2.0 provides a Role Management API that works with the Membership API to provide a full solution for the authentication and authorization needed for most web applications you develop. I will not spend more time on the Membership API controls in this article—you can find many online resources and articles to get more information.
The Membership API works fine with small web applications. But a problem arises when working with huge applications. For example, the MembershipUser class, which is found in the Membership API and represents a member saved in the application's database, contains a limited number of properties. This class does not support the First Name and Last Name properties, for example. Usually, in middle to large-scale applications, a member's record requires the presence of a lot more properties—and those properties are not all currently found in the MembershipUser class.
Although the Membership API presents a generic member's record, Microsoft built the Membership API upon the provider model, so, you can easily solve that limitation and extend the current Membership API to serve your needs.
In addition to the Membership API's need for more properties, it has another important limitation-by default it only works with Microsoft SQL Server and Active Directory. This last issue is not mainly a limitation just because Microsoft built the Membership API upon the provider model. Another provider can easily replace the model with any database implementation available.