Using the ASP.Net membership provider in a Windows forms application part 1.

One of the new features in ASP.Net 2.0 is the membership and role
provider system. This is nicely designed system that allows the developer to
handle the storage of user information pretty much any way he likes, all he has
to do is create the appropriate providers and configure his application to use
these. While this is very powerful there is something else I was much more
interested in and that is the fact that user and role management can be added
to an application without having to do any of the implementation work. Now this
is very convenient if you don’t already have a user database to work with
and something I would like to be able to use in my Windows forms applications
as well as in my web application.

Fortunately this is possible without much work at all! So let’s
create a very small console application with user management.

First create a new Visual Basic console application in Visual Studio
2005. No problem if you prefer C#, all you need to do is translate the
remaining syntax to C#.

Add a reference to the System.Web namespace.

Add a line with  “Imports System.Web.Security
to the top of the Module1.vb.

Now add the following code to the Sub Main()

‘ Validate a username/password
If Membership.ValidateUser(“Maurice”, “Password_1”) Then
End If


Go ahead and run the application.
Not surprisingly the application reports that the user is invalid,
after all how it can’t know which users are valid.

Now add the following code to the top of the Sub Main()

‘ Creating a new user
Dim status As MembershipCreateStatus
Membership.CreateUser( _
“Password question”,
“Password answer”,
True, _


Go ahead and run the application again.

If you have never used the membership provider in a Web application you
might me surprised to see this just works, the user is created and is
validated. Run the application again and the creation will return a
DuplicateUserName error but the ValidateUser() still works. How is this
possible as we haven’t done anything to configure the membership provider
or told it which database to use? Well the secret is that the membership provider
checks for, and creates if needed, a new directory under the application
directory named App_Data with a SQL Express database ASPNETDB with the required
structure. This database is then used to store the user information.

Maurice de Beijer

21 thoughts on “Using the ASP.Net membership provider in a Windows forms application part 1.

  1. How do you use membership provider in windows application?

    If you have a web application, when you use the sqlmembership provider then the database is created automatically. However, it is not the case in windows environment.

    My question is how can you generate required tables and point to those tables?

    I would appreciate if you can email me the solution.


  2. Is there any way this can be achieved in a win forms client without the obligatory System.Web namespace being referenced?



  3. Not really because that is where the required types are defined. Of course you could dynamically load the assembly and use reflection on all calls but for some reason I prefer just to ignore the “Web” reference.

  4. Hi Maurice. I’m currently implementing a custom MembershipProvider and MembershipUser class (inherited).
    What’s the difference with regards to the App.Config file?

  5. Hello Maurice!

    I have developed a web application using membership. I want to use the information from the tables in the database for the web application in a windows application, but doesn’t seem to work. For example, I call MembershipUser user = Membership.GetUser(userID);, but user is null(I have used SQL Profiler, and there are no stored procedures executing). I have also created an app.config file with the same provider as I use in the web application.Can you help me with this? Thank you!

  6. Hi Vicentiu,

    Hard to say what is going wrong with more info.

    First step could be to check the Membership.Provider property and see what kind of MembershipProvider it points to. It should be a SqlMembershipProvider not the ActiveDirectoryMembershipProvider. Next the ApplicationName property, is it the same as in the web app?
    Also check the private _sqlConnectionString using the debugger, is it pointing to the database you are expecting?

    Good luck!

  7. Hi, Maurice,
    how can I check “private _sqlConnectionString” with debugger?
    While reading your articles I rewrote everything in C#

    I could not find it anywhere in the code
    I also searched with Lutz reflectoe all System.Web.Security and I could not detect it there

    Gennady Vanin

  8. hi, Maurice
    i am already using membership provider in my site but i also want to use that particular aspnetdb.mdf for retreiving data about user in the windows application
    and also ihave diffrent names of windows application and web aplication i also read the above comments by diffrent persons but iam unable to do that can u please give me a step by step details how to do that

    Nishant Barsainyan

  9. Its useful article. But I want some more info, if available. As we know this article is about to use the ASP.NET Membership in Windows application. Connection string in App.config can be hard coded inside the windows application code for security reason. My question is how to use connection string programmatically for Membership provider? because security is issue.
    If anyone has idea, plz email me a_kalhoro AT


  10. Hi Aftab,

    Not that it is really much securer to store you connection string in code but you can always change the connection string before the membership provider is first used like this:
    My.Settings.Item(“LocalSqlServer”) = “My real connection string”


  11. Hi Ather,

    In C# you should be able to use Settings.Default.Item[“LocalSqlServer”]= “My real connection string”


  12. Hi,

    I like your article and follow your example. Can you also show me how to change password in a windows form? I tried to use the membership_resetpassword, but can’t get it to work.

    Thanks in advance,


  13. Use the following code to reset the password.

    Membership.GetUser(“TestUser1”).ChangePassword(“TestUser!”, “TestUser!!”);

  14. Hi.
    You say that to change by program the connectionstring, we have to use My.Settings.Item(“LocalSqlServer”) = “My real connection string”.
    However, my.settings.Item is readonly. Can you help pleae ?

Leave a Reply

Your email address will not be published. Required fields are marked *