I have created a Webservice with three methods (the methods are handling "SQL Server Users"). CreateUser() { ... MembershipUser newUser = Membership.CreateUser(userName, pwd , emailAddress); ... } UpdateUserRoles() { ... Roles.AddUserToRoles(userName, newRoles); ... } DeleteUser() { ... Membership.DeleteUser(userName, true); ... } The CreateUser and UpdateUserRoles method works fine. When DeleteUser method is called I got an error. "The request failed with HTTP status 401: Unauthorized." Is there different security level between Membership.CreateUser and Membership.DeleteUser.