Name
<credentials>
Synopsis
<credentials passwordFormat="Clear|SHA1|MD5"> </credentials>
Allows you to store one or more sets of credentials in the
application (or machine) configuration file for later use in
authenticating requests. The child <user>
element is used to store the actual credentials.
Scope
Machine, Application
Attributes
-
passwordFormat
Specifies the format in which passwords will be stored (and compared). Valid options are
Clear
,SHA1
, andMD5
.
Child Elements
<user>
Example
The example shows the <credentials>
element,
which is used to store two user accounts to authenticate against:
<credentials passwordFormat = "SHA1"> <user name="foo" password="794ED3D18464BAFF93F8DED1CFD00D9A2D9FE316"/> <user name="bar" password="B7CDD2A2B0F05E6948E5CEED22FA9A38EB28DEC8"/> </credentials>
Notes
Once you’ve stored the credentials, you can
authenticate against them by calling the static (shared) Authenticate
method of the FormsAuthentication
helper class.
You can use the static (shared) HashPasswordForStoringInConfigFile
method of FormsAuthentication
to create an MD5 or
SHA1 hash of the password for storing in the
<user>
element. When using the
<credentials>
element to store credentials,
you should always hash passwords, since storing them in readable text
presents a potential security risk. Although theoretically, no one
should be able to read the configuration file, a server
misconfiguration or security vulnerability could conceivably expose
this file.
Get ASP.NET in a Nutshell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.