Export (0) Print
Expand All
Expand Minimize

<credentials> Element

Allows optional definition of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.

<configuration>
   <system.web>
      <authentication>
         <forms>
            <credentials>

<credentials 
   passwordFormat="Clear|SHA1|MD5"
</credentials>

Required Attribute

Attribute Option Description
passwordFormat     Specifies the encryption format for storing passwords.
    Clear Specifies that passwords are not encrypted.
    MD5 Specifies that passwords are encrypted using the MD5 hash algorithm.
    SHA1 Specifies that passwords are encrypted using the SHA1 hash algorithm.

Subtag

Subtag Description
<user> Allows definition of user name and password credentials within the configuration file. This method of storing credentials should be used only in applications that don't require a high level of security.

Example

The following example specifies the authentication mode, logon page, and logon credentials encryption format. Credentials for three users are stored in the configuration file.

<configuration>
   <system.web>
      <authentication mode="Forms">
         <forms name="401kApp" loginUrl="/login.aspx">
            <credentials passwordFormat = "SHA1" 
               <user name="UserName1" password="SHA1EncryptedPassword1"/>
               <user name="UserName2" password="SHA1EncryptedPassword2"/>
               <user name="UserName3" password="SHA1EncryptedPassword3"/>
            </credentials>
         </forms>
      </authentication>
   </system.web>
</configuration>

Requirements

Contained Within: <system.web>

Web Platform: IIS 5.0, IIS 5.1, IIS 6.0

Configuration File: Machine.config, Web.config

Configuration Section Handler: System.Web.Configuration.CompilationConfigHandler

See Also

<authentication> Element | <forms> Element | ASP.NET Configuration | ASP.NET Settings Schema

Show:
© 2014 Microsoft