Basically, the lack of IIdentity in the API.
/// Verifies that the specified user name and password exist in the data source.
/// </summary> /// <returns>
/// A <see cref="T:System.Security.Principal.IIdentity"></see> instance
/// if the specified username and password are valid; otherwise, <see langword="null"></see>.
/// </returns> /// <param name="username">The name of the user to validate.</param> /// <param name="password">The password for the specified user.</param> public abstract IIdentity LoginUser(string username, string password);
Not all membership checking is just about validating username and password. Sometimes, one needs to logon into a backend service provider and get a session token to access the membership system.
And, since we are at it, why don’t we add IIdentity support to the whole API?