<credentials> Element
Allows optional definition of name and password credentials within the configuration file. You also can implement a custom password scheme to use an external source, such as a database, to control validation.
<configuration>
<system.web>
<authentication>
<forms>
** <credentials>**
<credentials
passwordFormat="Clear|SHA1|MD5"
</credentials>
Required Attribute
| Attribute | Option | Description |
|---|---|---|
| passwordFormat | Specifies the encryption format for storing passwords. | |
| Clear | Specifies that passwords are not encrypted. | |
| MD5 | Specifies that passwords are encrypted using the MD5 hash algorithm. | |
| SHA1 | Specifies that passwords are encrypted using the SHA1 hash algorithm. |
Subtag
| Subtag | Description |
|---|---|
| <user> | Allows definition of user name and password credentials within the configuration file. This method of storing credentials should be used only in applications that don't require a high level of security. |
Example
The following example specifies the authentication mode, logon page, and logon credentials encryption format. Credentials for three users are stored in the configuration file.
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="401kApp" loginUrl="/login.aspx">
<credentials passwordFormat = "SHA1"
<user name="UserName1" password="SHA1EncryptedPassword1"/>
<user name="UserName2" password="SHA1EncryptedPassword2"/>
<user name="UserName3" password="SHA1EncryptedPassword3"/>
</credentials>
</forms>
</authentication>
</system.web>
</configuration>
Requirements
Contained Within: <system.web>
Web Platform: IIS 5.0, IIS 5.1, IIS 6.0
Configuration File: Machine.config, Web.config
Configuration Section Handler: System.Web.Configuration.CompilationConfigHandler
See Also
<authentication> Element | <forms> Element | ASP.NET Configuration | ASP.NET Settings Schema