FormsAuthenticationUser Class

Configures the user's credentials for Web applications that use forms-based authentication.

Namespace: System.Web.Configuration
Assembly: System.Web (in system.web.dll)

public sealed class FormsAuthenticationUser : ConfigurationElement
public final class FormsAuthenticationUser extends ConfigurationElement
public final class FormsAuthenticationUser extends ConfigurationElement
Not applicable.

The FormsAuthenticationUser class provides a way to programmatically access and modify the user section of a configuration file.

This type is part of a group that includes the FormsAuthenticationCredentials, the FormsAuthenticationUserCollection, and the FormsAuthenticationConfiguration types. The types other than the collection type directly affect the underlying configuration tags.


The FormsAuthenticationUser can write information into the related section of the configuration file at machine, site, or application level only. Any attempt to write in a configuration file at a different level in the hierarchy will result in an error message generated by the parser. However, you can use this class to read configuration information at any level in the hierarchy. For safety and scalability, it is recommended that you use an external repository, such as a database, to keep the users' credentials.

The following code example shows how to obtain the FormsAuthenticationUserCollection to access the FormsAuthenticationUser objects of an existing Web application. The configuration file will contain a setup similar to the following.


If you use the credentials Element for forms for authentication (ASP.NET Settings Schema) section, be sure to follow the guidelines explained at ASP.NET Authentication. For scalability and better security, it is recommended you use an external database to store the users' credentials. For more information about building secure ASP.NET applications, search the Microsoft MSDN Web site ( for "Securing Your ASP.NET Application" and "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication."

<authentication mode="Forms">
  <forms name="MyAppCookieName" loginUrl="/login.aspx">
    protection="Encryption" timeout="5" path="aspnet"
    cookieless="UseCookies" domain="domainName">
    <credentials passwordFormat="SHA1">
      <user name="aspnetuser1"
       <user name="aspnetuser2"

// Get the Web application configuration.
System.Configuration.Configuration configuration = 
// Get the section.
AuthenticationSection authenticationSection = 
// Get the users collection.
FormsAuthenticationUserCollection formsAuthenticationUsers =


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0