
Membership Provider Reference

Hero Membership provides an administrative UI on top of ASP.NET's SqlMembershipProvider. Use this reference to understand what configuration options you have with this provider and how they impact Hero Membership's administration functionality.

ASP.NET uses the following default settings:

<membership>
 <providers>
   <clear />
   <add 
     name="AspNetSqlMembershipProvider" 
     type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" 
     connectionStringName="LocalSqlServer" 
     applicationName="/" 
     passwordFormat="Hashed" 
     enablePasswordRetrieval="false" 
     enablePasswordReset="true" 
     requiresQuestionAndAnswer="true" 
     requiresUniqueEmail="false" 
     minRequiredPasswordLength="7" 
     minRequiredNonalphanumericCharacters="1" 
     passwordStrengthRegularExpression=""
     maxInvalidPasswordAttempts="5" 
     passwordAttemptWindow="10" 
    />
 </providers>
</membership>

When you create new web sites using the Hero Membership project template, these settings are contained in the web.config file in your project.

name

This identifies the provider when you use multiple providers. Most likely you will not change this setting.

type

This is the fully qualified type name for the provider. Since Hero Membership is built on the SqlMembershipProvider, you should not change this setting.

connectionStringName

This is the name of the connection string that is used by the provider to access your membership database. It should match the name of a connection string configured in the <connectionStrings> section. You will typically change this setting if you are using a remote database. Watch our video Using a Remote SQL Server Database in our videos section for more info.

applicationName

Use this setting to distinguish your application's users from those of other applications if you are using the same database with multiple web sites.

passwordFormat

The password format controls how passwords are stored in the database. The following values are valid:

  • Hashed - passwords are stored as a one-way (non-reversible) hash. This is the most secure setting since no one, including your admin and support users, will be able to retrieve any user's password.
  • Encrypted - passwords are stored using reversible encryption. This option is slightly less secure but allows the password to be decrypted using an encryption key.
  • Clear - passwords are stored as plain text. This is the least secure option but allows for easy retrieval of the user's password under any circumstance.

enablePasswordRetrieval

This setting controls whether or not the user can have their current password emailed to them using the password recovery control. Hero Membership will also look at this setting to determine if admin and support users can retrieve your users' passwords for them. In order for your admin and support users to be able to retrieve your users' passwords, you must either set passwordFormat to Encrypted and disable requiresQuestionAndAnswer, or set passwordFormat to Clear. NOTE: you cannot enable this setting if passwordFormat is set to Hashed.

enablePasswordReset

This setting controls whether or not the user can have their password reset and then emailed to them using the password recovery control. Hero Membership will also look at this setting to determine if your admin and support users can reset your users' passwords to a random value. In order for your admin and support users to reset passwords, you must disable requiresQuestionAndAnswer or set passwordFormat to Clear.

requiresQuestionAndAnswer

This setting controls whether or not the user must provide the answer to a security question to have their password emailed to them. Enabling this setting can impact your admin and support users' ability to retrieve or reset your users' passwords. See enablePasswordRetrieval or enablePasswordReset for details.
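
As an added example (not part of Hero Membership or ASP.NET), the following Python script applies the rules stated above for enablePasswordRetrieval, enablePasswordReset and requiresQuestionAndAnswer to a web.config and reports whether admin and support users can retrieve or reset passwords. The sample config is constructed, and falling back to the defaults listed on this page for omitted attributes is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Encrypted storage, retrieval on, question/answer off.
SAMPLE_CONFIG = """<configuration><system.web><membership><providers>
  <add name="AspNetSqlMembershipProvider" passwordFormat="Encrypted"
       enablePasswordRetrieval="true" enablePasswordReset="true"
       requiresQuestionAndAnswer="false" />
</providers></membership></system.web></configuration>"""

# Assumption: omitted attributes take the default values listed on this page.
DEFAULTS = {"passwordFormat": "Hashed", "enablePasswordRetrieval": "false",
            "enablePasswordReset": "true", "requiresQuestionAndAnswer": "true"}


def audit_membership(config_xml):
    """Return one report dict per <add> provider under <membership>."""
    reports = []
    root = ET.fromstring(config_xml)
    for membership in root.iter("membership"):  # also matches a bare fragment
        for add in membership.findall("providers/add"):
            attrs = {**DEFAULTS, **add.attrib}
            fmt = attrs["passwordFormat"].lower()
            retrieval = attrs["enablePasswordRetrieval"].lower() == "true"
            reset = attrs["enablePasswordReset"].lower() == "true"
            needs_qa = attrs["requiresQuestionAndAnswer"].lower() == "true"
            findings = []
            if retrieval and fmt == "hashed":
                findings.append("invalid: enablePasswordRetrieval cannot be used with Hashed")
            if fmt == "clear":
                findings.append("passwords are stored as plain text")
            elif fmt == "encrypted":
                findings.append("passwords are stored with reversible encryption")
            # Rules from the enablePasswordRetrieval / enablePasswordReset text.
            admin_retrieve = retrieval and (
                fmt == "clear" or (fmt == "encrypted" and not needs_qa))
            admin_reset = reset and (fmt == "clear" or not needs_qa)
            if admin_retrieve:
                findings.append("admin and support users can read current passwords")
            reports.append({"name": add.get("name", ""),
                            "admin_can_retrieve": admin_retrieve,
                            "admin_can_reset": admin_reset,
                            "findings": findings})
    return reports


if __name__ == "__main__":
    for report in audit_membership(SAMPLE_CONFIG):
        print(report)
```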

requiresUniqueEmail

This setting controls whether or not multiple users can have the same email address. This affects creating new users in the Hero Membership account creation screen.

minRequiredPasswordLength

The minimum number of characters required for a password. This affects creating new users in the Hero Membership account creation screen.

minRequiredNonalphanumericCharacters

The minimum number of non-alphanumeric characters (e.g. !@#$.) required for a password. This affects creating new users in the Hero Membership account creation screen.

passwordStrengthRegularExpression

A regular expression for validating new passwords. This affects creating new users in the Hero Membership account creation screen.

maxInvalidPasswordAttempts

This is the maximum number of times a user can try to log in with an invalid password within a certain time period before their account is locked.

passwordAttemptWindow

The number of minutes in which a maximum number of invalid password or password answer attempts are allowed before the user's account is locked.