Getting an authentication system right is hard, because it’s so easy to build something that only appears to work. You don’t want to find yourself in a situation where a year after deployment you finally discover your system was cracked six months previously.

Building your system using the MembershipProvider model helps you do it right by giving you a skeleton that lends itself to being implemented correctly. You only need to accurately fill in a set of methods, and you can rely on the high-level architecture provided to make sure you are using the right methods in the right places.

Getting individual method implementations done right is comparatively easy. You can put those into your unit test and have confidence that they do what they are supposed to.

Put another way, you don’t have to worry about whether you check your authentication token in the right places. The parts of ASP.Net that call into the membership provider know when to do that. All you have to do is correctly implement the check, and that normally comes down to a simple comparison.

Additionally, you may not need to start from scratch. You have to option to inherit from an existing provider and only add the functionality you want that it doesn’t already provide.