In most cases, you can use the default Membership Provider (AspNetSqlProvider). With AspNetSqlProvider, what you need to do is to setup DB (aspnet_regsql.exe) and change the connection string.
This article provides the introduction to the provider model for developers who may want to tweak the provider settings.
1. membership Element
The “membership” element lets you define a new membership provider with custom settings.
– Attributes –
- defaultProvider: the name of the default membership provider (optional, the default is AspNetSqlProvider)
- userIsOnlineTimeWindow: Specifies the number of minutes during which the user is considered online (optional, the default is 15)
- hashAlgorithmType: specifies the name of the encryption algorithm that is used to hash password values (optional, the default is SHA1)
– Child Elements –
- providers: defines a collection of membership providers
<system.web> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20"> <providers> <clear /> <add ... /> </providers> </membership> </system.web>
2. providers Element
The “providers” element does not have an attribute and is a placeholder for providers.
– Child Elements –
- add: adds an instance of a membership provider
- clear: removes all instances of membership providers
- remove: removes an instance of a membership provider
Within the “providers” element, the order of child elements matters. The add or remove actions are done in the specified order.
3. clear Element
If you put the “clear” element in the “providers” elements, all previously defined providers are removed from the collection.
It does not have any attributes or child elements.
4. remove Element
The “remove” element only has one required attribute “name“. It removes the specified provider from the collection.
5. add Element
The “add” element is the one that configures the membership provider. It has only 3 required attributes but a lot of optional attributes are available for tweaking the settings.
– Required Attributes –
- name: specifies the name of the provider instance
- type: specifies the type name of a custom membership provider that inherits the “System.Web.Security.MembershipProvider” abstract base class
- connectionStringName: specifies the name of a connection string that is defined in the <connectionStrings> element.
– Optional Attributes –
- applicationName: specifies the name of the application. The application name enables multiple ASP.NET applications to use the same database without encountering duplicate user names for different applications.
- description: specifies a description of the instance
- enablePasswordRetrieval: specifies whether password retrieval is supported. (the default is false for both the SQL and Active Directory)
- enablePasswordReset: specifies whether password reset is supported. (the default is true for the SQL provider and false for Active Directory)
- maxInvalidPasswordAttempts: specifies the number of allowed password or password answer attempts that are not valid before the user account is locked. (the default is 5)
- minRequiredNonalphanumericCharacters: specifies the minimum number of special characters that must be present in a valid password. (the default is 1)
- minRequiredPasswordLength: specifies the minimum number of characters that are required in a password. (the default is 7)
- passwordAttemptWindow: the number of minutes during which failed attempts are tracked. (the default is 10)
- passwordStrengthRegularExpression: specifies the regular expression that is used to evaluate a password. (the default is an empty string)
- requiresQuestionAndAnswer: specifies whether a password answer for password reset and retrieval is required. (the default is true for the SQL provider and false for the provider for Active Directory)
- requiresUniqueEmail: specifies whether an e-mail address must be unique. (the default is true the SQL provider and false for the provider for Active Directory)
6. Implementing Membership Provider Class
You can create a custom membership type by inheriting the “MembershipProvider (http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx)” and override its properties and methods.
<system.web> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20"> <providers> <clear /> <add name="MyMembershipProvider" type="MyCom.MyMembershipProvider" connectionStringName="MyLocalSqlServer" /> </providers> </membership> </system.web>