ASP.NET Syntax ASP.NET Configuration Sections
Allows optional definitions of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.
NOTE: This method of storing credentials should be used only in applications that do not require a high level of security.
<credentials passwordFormat="[ Clear | SHA1 | MD5 ]">
<clear />
<remove />
<user />
</credentials>
The following sections describe attributes, child elements, and parent elements.
Attribute |
Description |
passwordFormat |
Required attribute.
Specifies the encryption format for storing passwords.
This attribute can be one of the following values.
Value |
Description |
Clear |
Specifies that passwords are not encrypted. |
MD5 |
Specifies that passwords are encrypted with the MD5 hash algorithm. |
SHAI |
Specifies that passwords are encrypted with the SHA1 hash algorithm. |
The default is SHA1. |
Element |
Description |
clear |
Removes all references to inherited connection strings allowing only those that are added by the current user element. |
remove |
Removes a reference to an inherited user account from the collection of credentials. |
user |
Adds a definition of user name and password credentials to the collection of credentials. |
Element |
Description |
configuration |
Specifies the required root element in every configuration file that is used by the common language runtime and the .NET Framework applications. |
system.web |
Specifies the root element for the ASP.NET configuration settings in a configuration file and contains configuration elements that configure ASP.NET Web applications and control how the applications behave. |
authentication |
Configures the ASP.NET authentication scheme that is used to identify users who view an ASP.NET application. |
forms |
Configures an ASP.NET application for custom forms-based authentication. |
The credentials element allows optional definitions of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation. If multiple applications are running on a single server, the attributes of the forms element must be configured in the Web.config file for each application. For more information, see Forms Authentication Across Applications.
The following default credentials element is not explicitly configured in the Machine.config or root Web.config file. However, it is the default configuration that is returned by the application.
<credentials passwordFormat="SHA1" />
The following code example demonstrates how to specify the authentication mode, logon page, and logon credentials encryption format. Credentials for three user accounts are stored in the configuration file.
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="401kApp" loginUrl="/login.aspx">
<credentials passwordFormat = "SHA1">
<user name="UserName1"
password="SHA1EncryptedPassword1" />
<user name="UserName2"
password="SHA1EncryptedPassword2" />
<user name="UserName3"
password="SHA1EncryptedPassword3" />
</credentials>
</forms>
</authentication>
</system.web>
</configuration>
ASP.NET Authentication <authentication> Section <authentication> forms Element