[ASP.NET Membership] Configuring Membership Provider

In most cases, you can use the default Membership Provider (AspNetSqlProvider). With  AspNetSqlProvider, what you need to do is to setup DB (aspnet_regsql.exe) and change the connection string.

This article provides the introduction to the provider model for developers who may want to tweak the provider settings.  

1. membership Element

The “membership” element lets you define a new membership provider with custom settings.

– Attributes –

  • defaultProvider: the name of the default membership provider (optional,  the default is AspNetSqlProvider)
  • userIsOnlineTimeWindow: Specifies the number of minutes during which the user is considered online (optional,  the default is 15)
  • hashAlgorithmType: specifies the name of the encryption algorithm that is used to hash password values (optional,  the default is SHA1)

– Child Elements –

  • providers: defines a collection of membership providers
<system.web>
  <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20">
    <providers>
      <clear />
      <add  ... />
    </providers>
  </membership>
</system.web>

2. providers Element

The “providers” element does not have an attribute and is a placeholder for providers.

– Child Elements –

  • add: adds an instance of a membership provider
  • clear: removes all instances of membership providers
  • remove: removes an instance of a membership provider

Within the “providers” element, the order of child elements matters. The add or remove actions are done in the specified order.

3. clear Element

If you put the “clear” element in the “providers” elements, all previously defined providers are removed from the collection.

It does not have any attributes or child elements.

4. remove Element

The “remove” element only has one required attribute “name“. It removes the specified provider from the collection.

5. add Element

The “add” element is the one that configures the membership provider. It has only 3 required attributes but a lot of optional attributes are available for tweaking the settings.

– Required Attributes –

  • name: specifies the name of the provider instance
  • type: specifies the type name of a custom membership provider that inherits the “System.Web.Security.MembershipProvider” abstract base class
  • connectionStringName: specifies the name of a connection string that is defined in the <connectionStrings> element.

– Optional Attributes –

  • applicationName: specifies the name of the application. The application name enables multiple ASP.NET applications to use the same database without encountering duplicate user names for different applications.
  • description: specifies a description of the instance
  • enablePasswordRetrieval: specifies whether password retrieval is supported. (the default is false for both the SQL and Active Directory)
  • enablePasswordReset: specifies whether password reset  is supported. (the default is true for the SQL provider and false for Active Directory)
  • maxInvalidPasswordAttempts: specifies the number of allowed password or password answer attempts that are not valid before the user account is locked. (the default is 5)
  • minRequiredNonalphanumericCharacters: specifies the minimum number of special characters that must be present in a valid password. (the default is 1)
  • minRequiredPasswordLength: specifies the minimum number of characters that are required in a password. (the default is 7)
  • passwordAttemptWindow: the number of minutes during which failed attempts are tracked. (the default is 10)
  • passwordStrengthRegularExpression: specifies the regular expression that is used to evaluate a password. (the default is an empty string)
  • requiresQuestionAndAnswer: specifies whether a password answer for password reset and retrieval is required. (the default is true for the SQL provider and false for the provider for Active Directory)
  • requiresUniqueEmail: specifies whether an e-mail address must be unique. (the default is true the SQL provider and false for the provider for Active Directory)

6. Implementing Membership Provider Class

You can create a custom membership type by inheriting the “MembershipProvider (http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx)” and override its properties and methods.

<system.web>
  <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="20">
    <providers>
      <clear />
      <add name="MyMembershipProvider" type="MyCom.MyMembershipProvider" connectionStringName="MyLocalSqlServer" />
    </providers>
  </membership>
</system.web>

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s