Configuring an ASP.NET Application to Use Membership

ASP.NET Membership is configured using the membership element in the Web.config file for your application. The membership element is a sub-element of the system.web section. You can enable ASP.NET Membership for an application by directly editing the Web.config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface. As part of membership configuration, you specify:

  • Which membership provider (or providers) to use. (This typically also specifies what database to store membership information in.)

  • Password options such as encryption and whether to support password recovery based on a user-specific question.

  • Users and passwords. If you are using the Web Site Administration Tool, you can create and manage users directly. Otherwise, you must call membership functions to create and manage users programmatically.

For an example of configuring ASP.NET Membership using the Web Site Administration Tool, see Walkthrough: Creating a Web Site with Membership and User Login.

Specifying the Default Provider

You specify the default membership provider using the defaultProvider attribute of the membership element. The machine configuration specifies a SqlMembershipProvider instance named "AspNetSqlMembershipProvider" that is identified as the default provider if you do not specify a default provider explicitly. The "AspNetSqlMembershipProvider" connects to the aspnetdb database in the local SQL Server.

Note

You need to set up the database used by the SqlMembershipProvider before using it in an application. For details, see Creating and Configuring the Application Services Database for SQL Server.

You can also specify the default provider instance and options for that provider by configuring a provider in the membership section. You use the providers element to identify a provider to add to the collection of providers available for the application. You can identify your provider instance as the default provider by using the value of the name attribute as the defaultProvider value. When you specify a provider instance, you must also specify a valid connection string for that instance by using the connectionStrings section of the configuration. For example, the following Web.config file identifies a SqlMembershipProvider instance that connects to a SQL Server other than the local server.

<configuration>
  <connectionStrings>
    <add name="MySqlConnection" connectionString="Data 
      Source=MySqlServer;Initial Catalog=aspnetdb;Integrated
      Security=SSPI;" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms" >
      <forms loginUrl="login.aspx"
        name=".ASPXFORMSAUTH" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add 
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="MySqlConnection"
          applicationName="MyApplication"
          enablePasswordRetrieval="false"
          enablePasswordReset="true"
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="true"
          passwordFormat="Hashed" />
      </providers>
    </membership>
  </system.web>
</configuration>

See Also

Other Resources

Managing Users by Using Membership