The most notable change to Forms authentication in ASP.NET 2.0 is the introduction of a complementary API—the membership API. The membership API provides a set of classes to let you manage users and roles. Partnered with the FormsAuthentication class, the new Membership and Roles classes form a complete security toolkit for ASP.NET developers. The Membership class supplies methods to manage user accounts—checking credentials, adding or deleting a new user and editing any associated user information such as e-mail address and password. The Roles class creates and manages associations between users and roles.
The membership API doesn't bind you to a fixed data store and data scheme. It leaves you free to choose any data store and scheme you want, but it binds you to a fixed API instead through which users and roles are managed. The membership API shields you from the details of how the credentials and other user information are retrieved and compared. It is based on providers and delegates to the selected provider the implementation of all the features defined by the API itself.
The Membership class defaults to a provider that stores user information to a SQL Express database in a predefined format. The default database is named aspnetdb.mdf and is created by the Web Site Administration Tool (WSAT) from within Visual Studio 2005. You should note that the database is not specifically for forms authentication but is designed to contain tables for a variety of ASP.NET customizable features including user profiles and Web Parts.
To use a custom data store such as an Active Directory or a personal database, you need to register the provider in the configuration file. ASP.NET 2.0 comes with a built-in provider for ActiveDirectory; if you wish to use a custom database or, more likely, you have an existing database with user credentials to reuse all that you have to do is creating your own membership provider and just plug it in. Creating a membership provider is as easy as deriving a new class from MembershipProvider and override a few members to implement the operations you need. Easy and effective.