Asp.Net MVC 3 MembershipProvider and ClientCertificate

Question

I was thinking about writing my own MembershipProvider for my web app. People won't normally register but will be supplied with login info. Will membership then not be the right thing?

I still will have some roles and such as well and I might wan't to be able for people to Authenticate using ClientCertificate instead of normal login. I still wan't them to be membership verified (there is a identifiable field in Certificate and Database I could use) and use roles and such.

Is MembershipProvider perhaps only used with original login Authentication and not authorization?

There doesn't seem to happen anything special when a user is validated so hwo does the authorization atrtibute know who is autorized?