Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Allows optional definition of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.
<configuration>
<system.web>
<authentication>
<forms>
** <credentials>**
<credentials
passwordFormat="Clear|SHA1|MD5"
</credentials>
Required Attribute
| Attribute | Option | Description |
|---|---|---|
| passwordFormat | Specifies the encryption format for storing passwords. | |
| Clear | Specifies that passwords are not encrypted. | |
| MD5 | Specifies that passwords are encrypted using the MD5 hash algorithm. | |
| SHA1 | Specifies that passwords are encrypted using the SHA1 hash algorithm. |
Subtag
| Subtag | Description |
|---|---|
| <user> | Allows definition of user name and password credentials within the configuration file. This method of storing credentials should be used only in applications that don't require a high level of security. |
Example
The following example specifies the authentication mode, logon page, and logon credentials encryption format. Credentials for three users are stored in the configuration file.
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="401kApp" loginUrl="/login.aspx">
<credentials passwordFormat = "SHA1"
<user name="UserName1" password="SHA1EncryptedPassword1"/>
<user name="UserName2" password="SHA1EncryptedPassword2"/>
<user name="UserName3" password="SHA1EncryptedPassword3"/>
</credentials>
</forms>
</authentication>
</system.web>
</configuration>
Requirements
Contained Within: <system.web>
Web Platform: IIS 5.0, IIS 5.1, IIS 6.0
Configuration File: Machine.config, Web.config
Configuration Section Handler: System.Web.Configuration.CompilationConfigHandler
See Also
<authentication> Element | <forms> Element | ASP.NET Configuration | ASP.NET Settings Schema