Using ASP.NET Providers in Non-ASP.NET Applications

ASP.NET developers are most likely familiar with the rich provider-based modules supplied with ASP.NET. These are the Role Provider, the Membership Provider, the Profile Provider, the Personalization Provider, the Web Events Provider, the Site Map Provider, the Session State Provider and the Protected Configuration Provider. For detailed information on all of these modules, you should read this. The providers that I will talk about are the Role, Membership and Profile, which are the ones that may be used in non-ASP.NET applications.

These post is targeted at Windows Forms users, since ASP.NET ones are probably familiar with all these concepts. 

What's the purpose of using these providers in your applications? Well, they implement some typical requirements of enterprise-level applications, so you don't have to develop your own:

  • User creation, management, authentication and monitoring (Membership Provider)
  • Role creation and assignment to users (Role Provider)
  • Per-user configuration (Profile Provider)

The concepts involved are:

  1. A user has certain well-known settable properties, such as a password, a question and an answer, an approval flag, an e-mail and some comments and some implicit properties, like the creation date, last login date, last activity date, logged-in flag, online flag, last lockout date and last password changing date
  2. A user may belong to none or some roles, a role may be associated with many users
  3. A user may have particular values for system-wide defined properties

I will not get into details on all of these providers, and I won't also talk about rolling out your own providers, which is actually quite simple. The default providers are registed in the global Machine.config file, located in %WINDIR%\Microsoft.NET\Framework\v2.0.50727\Config with their default settings. All providers inherit indirectly from System.Configuration.Provider.ProviderBase.

The default implementations, which are the ones I will talk about, require an SQL Server database, so we need to create it. We do so with the aspnet_regsql command, which you can find on %WINDIR%\Microsoft.NET\Framework\v2.0.50727. After you run it, you are prompted for the location of the SQL Server to use, and after that a number of tables and stored procedures are created. Don't forget to set it's connection string in App.config:



add name="SomeConnectionStringName" connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=SomeDatabaseName" providerName="System.Data.SqlClient"/>  <add name="AuthorizationStoreConnectionName" connectionString="msxml://~/SomeAutorizationStore.xml" />



Oracle has an identical set of providers, with the sole difference that they work with Oracle databases, which may come in handy if you really need to have Oracle instead of SQL Server. They are part of Oracle Data Access Components, and you can get it from the Oracle site, here.

Now, let's move on to the providers. 

Membership Provider 

For the Membership Provider, the class that actually implements it is System.Web.Security.SqlMembershipProvider. The methods for the Membership Provider are defined in the abstract base class System.Web.Security.MembershipProvider. These are:

  • ChangePassword
  • ChangePasswordQuestionAndAnswer
  • CreateUser
  • DeleteUser
  • FindUsersByEmail
  • FindUsersByName
  • GetAllUsers
  • GetNumberOfUsersOnline
  • GetPassword
  • GetUser (overloaded)
  • GetUserNameByEmail
  • ResetPassword
  • UnlockUser
  • UpdateUser
  • ValidateUser

The configuration properties are:

  • ApplicationName
  • EnablePasswordReset
  • EnablePasswordRetrieval
  • MaxInvalidPasswordAttempts
  • MinRequiredNonAlphanumericCharacters
  • MinRequiredPasswordLength
  • PasswordAttemptWindow
  • PasswordFormat
  • PasswordStrengthRegularExpression
  • RequiresQuestionAndAnswer
  • RequiresUniqueEmail

And the single fired event is:

  • ValidatingPassword

The Membership Provider is configured through the <system.web><membership> section of the App.config file (because we are developing a Windows Forms applications, otherwise it would be, of course, Web.config). In order to use it, you must configure a default provider on the configuration file, like this:

<membership defaultProvider="SqlMembershipProvider">



add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SomeConnectionStringName" enablePasswordRetrieval="false" enablePasswordReset="true  requiresQuestionAndAnswer="false" applicationName="SomeApplicationName" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"   passwordStrengthRegularExpression="" />  </providers>



Then you can access it in code:

MembershipUser user = null;




  user = System.Web.Security.Membership.CreateUser("ricardoperes", "somepassword");




  //user already exists  user = System.Web.Security.Membership.GetUser("ricardoperes");


//perform operations on user and don't forget to call UpdateUser when finished:



Role Provider

The Role Provider implementation class is System.Web.Security.SqlRoleProvider, and the abstract base class that defines its operations is System.Web.Security.RoleProvider. These operations are:

  • AddUsersToRoles
  • CreateRole
  • DeleteRole
  • FindUsersInRole
  • GetAllRoles
  • GetRolesForUser
  • GetUsersInRole
  • IsUserInRole
  • RemoveUsersFromRoles
  • RoleExists

And the sole property is:

  • ApplicationName

You configure the Role Provider through section <system.web><roleManager>:

<roleManager enabled="true" defaultProvider="SqlRoleProvider">


providers>    <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SomeConnectionStringName" />


add name="AuthorizationStoreRoleProvider" type="System.Web.Security.AuthorizationStoreRoleProvider" connectionStringName="AuthorizationStoreConnectionName" applicationName="SomeApplicationName" cacheRefreshInterval="60" scopeName="" />  </providers>



You may notice that I configured two Role providers. The second one, AuthorizationStoreRoleProvider, allows us to use AzMan for the definition of the roles, instead of Windows NT groups, and may be usefull if you want to have roles that differ from you machine's or Active Directory's groups.

This is how you would use the Role Provider:

if (System.Web.Security.Roles.RoleExists("Bloggers") == false)




String [] roles = System.Web.Security.Roles.GetRolesForUser("ricardoperes");if (roles.Length == 0)


  System.Web.Security.Roles.AddUsersToRole(new String [] { "ricardoperes" }, "Bloggers");


Profile Provider

The Profile Provider is implemented in System.Web.Profile.SqlProfileProvider; the base class is System.Web.Profile.ProfileProvider. It's methods are:

  • DeleteInactiveProfiles
  • DeleteProfiles (overloaded)
  • FindInactiveProfilesByUserName
  • FindProfilesByUserName
  • GetAllInactiveProfiles
  • GetAllProfiles
  • GetNumberOfInactiveProfiles

Both the Profile Provider and the system-wide properties must be configured on App.config. Note that you cannot use property groups, they don't work in non-ASP.NET applications:

<profile enabled="true" automaticSaveEnabled="true" defaultProvider="SqlProfileProvider">


providers>    <add name="SqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="SomeConnectionStringName" />


providers>  <properties>     <add name="Birthday" type="System.DateTime" />


add name="Url" type="System.String" />

    <add name="Married" type="System.Boolean" defaultValue="false" />

    <add name="Collection" type="SomeNamespace.SomeCollection, SomeAssembly" />   </properties>



And to use it:

ProfileBase profile = System.Web.Profile.DefaultProfile.Create("ricardoperes", true);


DateTime birthday = (DateTime) profile.GetPropertyValue("Birthday");profile.SetPropertyValue("Birthday", new DateTime(1975, 8, 19));


Bookmark and Share



  • The Profiler works nicely with non-ASP.NET as long as you don't use property groups.

    ProfileBase.GetPropertyGroup(string group) uses BuildManager, which throws exception in non-ASP.NET environment.

  • Thank you so very much for this article. I have an urgent need of applying membership provider in win forms. If it works same as in then it would be like a dream come true for me.

Add a Comment

As it will appear on the website

Not displayed

Your website