Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
.NET Framework Developer Center
Click to Rate and Give Feedback
Collapse All/Expand All Collapse All
This page is specific to
Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:
.NET Framework General Reference
credentials Element for forms for authentication (ASP.NET Settings Schema)

Allows optional definitions of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.

Caution noteCaution:

This method of storing credentials should be used only in applications that do not require a high level of security.

configuration Element (General Settings Schema)
  system.web Element (ASP.NET Settings Schema)
    authentication Element (ASP.NET Settings Schema)
      forms Element for authentication (ASP.NET Settings Schema)
        credentials Element for forms for authentication (ASP.NET Settings Schema)
<credentials 
   passwordFormat="[Clear|SHA1|MD5]"
>
  <user />
</credentials>
 Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

passwordFormat

Required attribute.

Specifies the encryption format for storing passwords.

This attribute can be one of the following values.

ValueDescription
ClearSpecifies that passwords are not encrypted.
MD5Specifies that passwords are encrypted with the MD5 hash algorithm.
SHAISpecifies that passwords are encrypted with the SHA1 hash algorithm.

The default is SHA1.

Child Elements

Element

Description

clear

Removes all references to inherited connection strings allowing only those that are added by the current user element.

remove

Removes a reference to an inherited user account from the collection of credentials.

user

Adds a definition of user name and password credentials to the collection of credentials.

Parent Elements

Element

Description

configuration

Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications.

system.web

Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave.

authentication

Configures the ASP.NET authentication scheme that is used to identify users who view an ASP.NET application.

forms

Configures an ASP.NET application for custom forms–based authentication.
 Remarks

The credentials element allows optional definitions of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation. If multiple applications are running on a single server, the attributes of the forms element must be configured in the Web.config file for each application. For more information, see Forms Authentication Across Applications.

Default Configuration

The following default credentials element is not explicitly configured in the Machine.config or root Web.config file. However, it is the default configuration that is returned by the application.

<credentials passwordFormat="SHA1" />
 Example

The following code example demonstrates how to specify the authentication mode, logon page, and logon credentials encryption format. Credentials for three user accounts are stored in the configuration file.

<configuration>
   <system.web>
      <authentication mode="Forms">
         <forms name="401kApp" loginUrl="/login.aspx">
            <credentials passwordFormat = "SHA1">
               <user 
                  name="UserName1" 
                  password="SHA1EncryptedPassword1"/>
               <user 
                  name="UserName2" 
                  password="SHA1EncryptedPassword2"/>
               <user 
                  name="UserName3" 
                  password="SHA1EncryptedPassword3"/>
            </credentials>
         </forms>
      </authentication>
   </system.web>
</configuration>
 Element Information

Configuration section handler

AuthenticationSection

Configuration member

Credentials

Configurable locations

Machine.config

Root-level Web.config

Application-level Web.config

Requirements

Microsoft Internet Information Services (IIS) version 5.0, 5.1, or 6.0

The .NET Framework version 1.0, 1.1, or 2.0

Microsoft Visual Studio 2003 or Visual Studio 2005
 See Also

Tasks

How to: Configure Specific Directories Using Location Settings
How to: Lock ASP.NET Configuration Settings

Concepts

Forms Authentication Across Applications
ASP.NET Configuration File Hierarchy and Inheritance
Securing ASP.NET Configuration
ASP.NET Configuration Scenarios

Reference

forms Element for authentication (ASP.NET Settings Schema)
clear Element for credentials for authentication (ASP.NET Settings Schema)
remove Element for credentials for authentication (ASP.NET Settings Schema)
user Element for credentials for authentication (ASP.NET Settings Schema)
authentication Element (ASP.NET Settings Schema)
credentials Element for forms for authentication (ASP.NET Settings Schema)
system.web Element (ASP.NET Settings Schema)
passport Element for authentication (ASP.NET Settings Schema)
configuration Element (General Settings Schema)
System.Configuration
System.Web.Configuration
AuthenticationSection
Credentials

Other Resources

ASP.NET Authentication
General Configuration Settings (ASP.NET)
ASP.NET Configuration Settings
Administering ASP.NET Web Sites
ASP.NET Configuration Files
ASP.NET Configuration API
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement | Site Feedback
Page view tracker