Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
<credentials> Element
Collapse the table of content
Expand the table of content

<credentials> Element

Allows optional definition of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.



Required Attribute

Attribute Option Description
passwordFormat     Specifies the encryption format for storing passwords.
    Clear Specifies that passwords are not encrypted.
    MD5 Specifies that passwords are encrypted using the MD5 hash algorithm.
    SHA1 Specifies that passwords are encrypted using the SHA1 hash algorithm.


Subtag Description
<user> Allows definition of user name and password credentials within the configuration file. This method of storing credentials should be used only in applications that don't require a high level of security.


The following example specifies the authentication mode, logon page, and logon credentials encryption format. Credentials for three users are stored in the configuration file.

      <authentication mode="Forms">
         <forms name="401kApp" loginUrl="/login.aspx">
            <credentials passwordFormat = "SHA1" 
               <user name="UserName1" password="SHA1EncryptedPassword1"/>
               <user name="UserName2" password="SHA1EncryptedPassword2"/>
               <user name="UserName3" password="SHA1EncryptedPassword3"/>


Contained Within: <system.web>

Web Platform: IIS 5.0, IIS 5.1, IIS 6.0

Configuration File: Machine.config, Web.config

Configuration Section Handler: System.Web.Configuration.CompilationConfigHandler

See Also

<authentication> Element | <forms> Element | ASP.NET Configuration | ASP.NET Settings Schema

© 2015 Microsoft