If that is the membership provider sample, the sample database (on the web server) includes a user entry that was set up using the standard ASP.NET membership config admin pages, for the purpose of the demo.
I imagine in a real app you'd prompt the user for their username/password and use the Csla.Security.MembershipIdentity to authenticate those values.
The code you are looking at is slightly more complex than it needs to be. You can actually create instances of MembershipIdentity directly if you don't need to customize the identity. I think I created a more basic demo in the CslaNet\cs folder, because I do cover this in the 2008 book.
Copyright (c) Marimer LLC