System.Web 2.0.0.0 System.Web.Security.MembershipProvider This class is used by the and classes to provide membership services for an ASP.NET application using a SQL Server database. You cannot use a without SQL Server. When your computer has SQL Server Express installed with the default instance name and user-instancing enabled, the object will create a database called aspnetdb in the application's App_Data directory the first time the application is run. To manually create the database, run the Aspnet_regsql.exe executable found in the %systemroot%\Microsoft.NET\Framework\ versionNumber folder and specify the -A m option (for example aspnet_regsql.exe -A m). The database created is called Aspnetdb. Alternatively, run Aspnet_regsql.exe to pull up the GUI configuration mode and choose to configure all ASP.NET Features. If the membership provider is configured with a connection string that uses integrated security, the process account of the ASP.NET application must have rights to connect to the SQL Server database. The Machine.config file defines a default instance named AspNetSqlMembershipProvider that connects to the default SQL Server Express instance on the local machine. You can use this instance of the provider if you installed SQL Server Express with the default instance name, or you can define your own instance in the Web.config file for your ASP.NET application. If you set the passwordCompatMode attribute to , the application can use the hashing and encryption membership options that were added in ASP.NET 4. However, if the passwordCompatMode attribute is set to , only the hashing and encryption membership options from the ASP.NET 2.0, ASP.NET 3.5, and ASP.NET 3.5 SP1 can be used. The default value is . For more information, see .

Manages storage of membership information for an ASP.NET application in a SQL Server database.

Constructor The constructor is called by ASP.NET to create an instance of the class as specified in the configuration for the application. This constructor is not intended to be used from your code.

Initializes a new instance of the class.

2.0.0.0 Property System.String To be added. The is used by the to group user information. By qualifying user information with an application name, you can store information for multiple applications in a single database without running into conflicts between duplicate user names. Also, multiple ASP.NET applications can use the same user database by specifying the same value in the property. The property can be set programmatically, or it can be set declaratively in the configuration file for the Web application with the applicationName attribute. If a value is not specified for the applicationName attribute in the configuration file for the Web application, then the property value for the first request made to the application is used. Because a single default membership provider instance is used for all of the requests served by an object, you can have multiple requests executing concurrently and attempting to set the property value. The property is not thread safe for multiple writes, and changing the property value can result in unexpected behavior for multiple users of an application. We recommend that you avoid writing code to allow users to set the property unless you must. An example of an application where setting the property may be required is an administrative application that manages membership data for multiple applications. Such an application should be a single-user application and not a Web application.

Gets or sets the name of the application to store and retrieve membership information for.

2.0.0.0 Method System.Boolean To be added. To be added. This method is called by the class to update the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config). The maximum password length is 128 characters. If an incorrect password is supplied to the method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the and properties. You can call the method directly by first obtaining a reference to the instance through the property of the class. The property exposes the defaultProvider specified in the Web.config file for the application. Configured providers that are not the default provider referenced using the property. You can also change user passwords by using the method. Leading and trailing spaces are trimmed from all parameter values.

Modifies a user's password.

true if the password was updated successfully. false if the supplied old password is invalid, the user is locked out, or the user does not exist in the database. The user to update the password for. 2.0.0.0 Method System.Boolean To be added. To be added. This method is called by the class to update the password question and answer for a user in the SQL Server database that is specified in the ASP.NET application's configuration file (Web.config). The password answer is encrypted using the format that is specified in the property. Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. The method updates the password question and answer for a membership user. If an incorrect password is supplied to the method, the internal counters that track invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by calling the method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the and properties. The maximum length for the password question is 256 characters. The maximum length for the password answer is 128 characters. For more information, see , , and . Leading and trailing spaces are trimmed from all parameter values.

Updates the password question and answer for a user in the SQL Server membership database.

true if the update was successful; otherwise, false. A value of false is also returned if the is incorrect, the user is locked out, or the user does not exist in the database. The user to change the password question and answer for. The password for the specified user. 2.0.0.0 Method System.Web.Security.MembershipUser To be added. To be added. To be added. To be added. To be added. To be added. To be added. To be added.

To be added.

To be added. To be added. 2.0.0.0 Method System.Boolean This method is called by the class to remove a user from the SQL Server database specified in the ASP.NET application's configuration file. Deleted users are only deleted from the configured . If is set to true, then all user data stored in the database for the , , or personalization features is also deleted for the configured . If the membership user does not exist in the database, and is true, then the related data and the user information stored for the , , or personalization features will still be deleted for the application specified in the property. As a result, the method can be used for quickly deleting information related to a user, even when the object is not used for storing authenticated user information. Leading and trailing spaces are trimmed from the parameter value.

Removes a user's membership information from the SQL Server membership database.

true if the user was deleted; otherwise, false. A value of false is also returned if the user does not exist in the database. The name of the user to delete. true to delete data related to the user from the database; false to leave data related to the user in the database. 2.0.0.0 Property System.Boolean To be added. Password reset allows the membership provider to replace the current password for a user name with a new, randomly generated password. This is especially useful when the property is set to , as users cannot retrieve hashed password values.

Gets a value indicating whether the SQL Server membership provider is configured to allow users to reset their passwords.

2.0.0.0 Property System.Boolean To be added. If the property is set to , a user will not be able to retrieve his or her existing password from the database. The password format provides one-way encoding of password values. Passwords are hashed with a randomly generated salt value and compared to values stored in the database for authentication. Hashed values cannot be unencoded to retrieve the original password value. If the property is set to , and is set to true, a is thrown when the provider is initialized.

Gets a value indicating whether the SQL Server membership provider is configured to allow users to retrieve their passwords.

2.0.0.0 Method System.Web.Security.MembershipUserCollection To be added. To be added. To be added. To be added.

To be added.

To be added. To be added. 2.0.0.0 Method System.Web.Security.MembershipUserCollection To be added. To be added. To be added. To be added.

To be added.

To be added. To be added. 2.0.0.0 Method System.String The class provides a method, which generates a password of a specified size with at least the specified number of non-alphabetic characters. The method of the calls the method of the class to retrieve a random password that is at least 14 characters long. If the property is greater than 14, the password returned will be the length specified in the property. You can specifically call the method by referencing the class directly from the property of the class. The generated password only contains alphanumeric characters and the following punctuation marks: !@#$%^&*()_-+=[{]};:<>|./?. No hidden or non-printable control characters are included in the generated password. The random password created by the method is not guaranteed to pass the regular expression in the property. However, the random password will meet the criteria established by the and properties.

Generates a random password that is at least 14 characters long.

A random password that is at least 14 characters long. 2.0.0.0 Method System.Web.Security.MembershipUserCollection To be added. To be added. To be added.

To be added.

To be added. To be added. 2.0.0.0 Method System.Int32 This method is called by the class to retrieve the number of users considered online from the SQL Server database specified in the ASP.NET application's configuration file (Web.config). returns the number of users of the current application whose last activity date and time is greater than the current date and time less the value of the property in minutes. Only users associated with the configured are included in the count.

Returns the number of users currently accessing the application.

The number of users currently accessing the application. 2.0.0.0 Method System.String To be added. This method is called by the class to retrieve the password for a user from the SQL Server database specified in the ASP.NET application's configuration file (Web.config). If an incorrect password answer is supplied to the method, the internal counter that tracks invalid password-answer attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the and properties. You can call the method directly by first obtaining a reference to the instance through the property of the class. If the property is set to , the method cannot retrieve the password. Hashed passwords are encrypted one-way and cannot be decrypted. If the property is set to , and is set to true, a is thrown when the provider is initialized. Leading and trailing spaces are trimmed from all parameter values.

Returns the password for the specified user name from the SQL Server membership database.

The password for the specified user name. The user to retrieve the password for. 2.0.0.0 Method System.Web.Security.MembershipUser retrieves the user information from the data source and creates a object populated with the returned data. The user is identified using the unique identifier specified with the parameter.

Gets the information from the data source for the membership user associated with the specified unique identifier and updates the last activity date/time stamp for the user, if specified.

A object representing the user associated with the specified unique identifier. If no user is found in the database for the specified value, null is returned. The unique identifier for the user. true to update the last-activity date/time stamp for the specified user; otherwise, false. 2.0.0.0 Method System.Web.Security.MembershipUser This method is called by the class to retrieve user information from the SQL Server database specified in the ASP.NET application's configuration file (Web.config). If is true, the last activity date/time stamp for the user is updated to the current date and time. This is reflected in the and properties and in the value returned by . Leading and trailing spaces are trimmed from the parameter value.

Returns information from the SQL Server membership database for a user and provides an option to update the last activity date/time stamp for the user.

A object representing the specified user. If no user is found in the database for the specified value, null is returned. The name of the user to get information for. true to update the last activity date/time stamp for the user; false to return user information without updating the last activity date/time stamp for the user. 2.0.0.0 Method System.String This method is called by the class with an e-mail address, which it uses to retrieve an associated user name from the SQL Server database specified in the ASP.NET application's configuration file (Web.config). If more than one user in the membership database has the same e-mail address, the first user name encountered is returned. You can set the requiresUniqueEmail attribute to true in the application-configuration file to ensure that each e-mail address in the database is unique. Leading and trailing spaces are trimmed from the parameter value.

Gets the user name associated with the specified e-mail address.

The user name associated with the specified e-mail address. If no match is found, this method returns null. The e-mail address to search for. 2.0.0.0 Method System.Void This method initializes the with the property values specified in the ASP.NET application configuration file (Web.config) and is not intended to be used directly from your code.

Initializes the SQL Server membership provider with the property values specified in the ASP.NET application's configuration file. This method is not intended to be used directly from your code.

The name of the instance to initialize. A that contains the names and values of configuration options for the membership provider. 2.0.0.0 Property System.Int32 To be added. The works in conjunction with the to guard against an unwanted source guessing the password or password answer of a membership user through repeated attempts. If the number of invalid passwords or password questions supplied for a membership user is greater than or equal to the value of the property within the number of minutes identified by the value of the property, then the membership user is locked out by setting the property to true until the user is unlocked with the method. If a valid password is supplied before the value is reached, the counters that track the number of invalid password and password-answer attempts are reset to zero. If a valid password answer is supplied before the value is reached, only the counter that tracks the number of invalid password-answer attempts is reset to zero. The keeps counts of invalid password attempts and invalid password-answer attempts separately. Invalid password attempts result in only the password-attempt counter being incremented. Invalid password-answer attempts result in only the password-answer counter being incremented. The property value is set in the application configuration using the maxInvalidPasswordAttempts attribute of the membership configuration section. If the property is set to false, invalid password-answer attempts are not tracked.

Gets the number of invalid password or password-answer attempts allowed before the membership user is locked out.

2.0.0.0 Property System.Int32 To be added. The property returns the minimum number of special, non-alphabetic characters that must be entered to create a valid password for the object. The property value is set in the application configuration using the minRequiredNonalphanumericCharacters attribute of the membership configuration element. A non-alphanumeric character is a character for which the method returns false.

Gets the minimum number of special characters that must be present in a valid password.

2.0.0.0 Property System.Int32 To be added. property gets the minimum number of characters that must be entered to create a valid password for the object. The property value is set in the application configuration using the minRequiredPasswordLength attribute of the membership configuration element.

Gets the minimum length required for a password.

2.0.0.0 Property System.Int32 To be added. The property works in conjunction with the property to help guard against an unwanted source guessing the password or the password answer of a membership user through repeated attempts. When users are attempting to log in, change their password, or reset their password, only a certain number of consecutive attempts are allowed within a specified time window. The length of the time window is specified by the property, which identifies the number of minutes allowed between invalid attempts. If the number of consecutive failed attempts that a user makes to reset his or her password equals the value stored in the property, and the time elapsed since the last invalid attempt is less than the number of minutes specified for the property, then the membership user is locked out by setting the property to true. The user can be unlocked by calling the method. If the interval between the current failed attempt and the last failed attempt is greater than the property setting, the current invalid attempt is counted as the first. If a valid password answer is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password-answer attempts is set to zero. If a valid password is supplied before the maximum number of allowed invalid attempts is reached, the count of invalid password attempts and the count of invalid password-answer attempts are set to zero. The keeps count of invalid password attempts and invalid password-answer attempts separately. Invalid password attempts result in only the password-attempt counter being incremented. Invalid password-answer attempts result in only the password-answer counter being incremented. The property value is set in the application configuration using the passwordAttemptWindow attribute of the membership configuration section. If the property is set to false, invalid password-answer attempts are not tracked.

Gets the time window between which consecutive failed attempts to provide a valid password or password answers are tracked.

2.0.0.0 Property System.Web.Security.MembershipPasswordFormat To be added. The SQL Server membership provider supports Clear, Encrypted, and Hashed password formats. Clear passwords are stored in plain text, which improves the performance of password storage and retrieval but is less secure, as passwords are easily read if your SQL Server database is compromised. Encrypted passwords are encrypted when stored and can be decrypted for password comparison or password retrieval. This requires additional processing for password storage and retrieval, but is more secure, as passwords cannot easily be determined if the SQL Server database is compromised. Hashed passwords are hashed using a one-way hash algorithm and a randomly generated salt value when stored in the database. When a password is validated, it is hashed with the salt value in the database for verification. Hashed passwords cannot be retrieved. The value is specified in the providers section of the Web.config file for the ASP.NET application. Encrypted and Hashed passwords are encrypted or hashed by default based on information supplied in the machineKey element in your configuration. Note that if you specify a value of 3DES for the validation attribute, or if no value is specified, hashed passwords will be hashed using the algorithm. A custom hash algorithm can be defined using the hashAlgorithmType attribute of the membership configuration element. If you choose encryption, default password encryption uses AES. You can change the encryption algorithm by setting the decryption attribute of the machineKey configuration element. If you are encrypting passwords, you must provide an explicit value for the decryptionKey attribute in the machineKey element. The default value of AutoGenerate for the decryptionKey attribute is not supported when using encrypted passwords with ASP.NET Membership.

Gets a value indicating the format for storing passwords in the SQL Server membership database.

2.0.0.0 Property System.String To be added. The property gets the regular expression used to evaluate password complexity for the object. The property is set in the application configuration using the passwordStrengthRegularExpression attribute of the membership configuration element.

Gets the regular expression used to evaluate a password.

2.0.0.0 Property System.Boolean To be added. Requiring a password question and answer provides an additional layer of security when retrieving or resetting a user's password. When creating a user name, a user can supply a question and answer that can later be used to retrieve or reset a forgotten password. If the property and the property are both false, the value of the property is irrelevant. For more information, see and .

Gets a value indicating whether the SQL Server membership provider is configured to require the user to answer a password question for password reset and retrieval.

2.0.0.0 Property System.Boolean To be added. To be added.

Gets a value indicating whether the SQL Server membership provider is configured to require a unique e-mail address for each user name.

2.0.0.0 Method System.String To be added. This method is called by the class to reset the password for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config) to a new, randomly generated value. The new password is returned. The random password created by the method is not guaranteed to pass the regular expression in the property. However, the random password will meet the criteria established by the and properties. The method is most commonly used when the property is set to Hashed. If a user forgets a password that is hashed, the password cannot be retrieved. However, the provider can reset the password to a new, automatically generated password if the user supplies the correct password answer. If an incorrect password answer is supplied to the method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the method. If the correct password answer is supplied and the user is not currently locked out, then the internal counter that tracks invalid password-answer attempts is reset to zero. For more information, see the and properties. You can call the method directly by first obtaining a reference to the instance from the property of the class. The generated password will be at least 14 characters long, or the length specified in the property, and will contain the number of non-alphanumeric characters specified in the property. The password is not guaranteed to pass the regular expression contained in the property, if one is specified. Leading and trailing spaces are trimmed from all parameter values.

Resets a user's password to a new, automatically generated password.

The new password for the specified user. The user to reset the password for. 2.0.0.0 Method System.Boolean Users are most commonly locked out and cannot be validated by the method when the is exceeded within the . Leading and trailing spaces are trimmed from the parameter value.

Clears the user's locked-out status so that the membership user can be validated.

true if the membership user was successfully unlocked; otherwise, false. A value of false is also returned if the user does not exist in the database. The name of the membership user to clear the locked-out status for. 2.0.0.0 Method System.Void This method is called by the class to update user information for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config). The , , , , and property values are updated for the specified membership user. The maximum length for the property is 256 characters. The maximum length for the property is 256 characters. The password for a membership user cannot be updated using the method. To update the password for a membership user, use the method of the class.

Updates information about a user in the SQL Server membership database.

A object that represents the user to update and the updated information for the user. 2.0.0.0 Method System.Boolean This method is called by the class to validate user information for a user in the SQL Server database specified in the ASP.NET application's configuration file (Web.config). When a user is successfully validated, the last activity date and last sign-in date values are updated to the current date and time in the database. If an incorrect password is supplied to the method, the internal counter that tracks invalid password attempts is incremented by one. This can result in the user being locked out and unable to log on until the lock status is cleared by a call to the method. If the correct password is supplied and the user is not currently locked out, then the internal counters that track invalid password and password-answer attempts are reset to zero. For more information, see the and properties. Leading and trailing spaces are trimmed from all parameter values.

Verifies that the specified user name and password exist in the SQL Server membership database.

true if the specified username and password are valid; otherwise, false. A value of false is also returned if the user does not exist in the database. The name of the user to validate. The password for the specified user. 2.0.0.0