membership Element
The membership element in the Web.config file identifies the Commerce Server membership provider to ASP.NET. Although ASP.NET defines the membership element and the tags it contains, you must specify these elements in order to use the Commerce Server membership provider. For more information about ASP.NET membership providers, see the MSDN Web site.
The membership element is a child of the system.web element, and is required.
The following table lists the attributes of the membership element that Commerce Server uses. You can also specify additional elements that are defined by ASP.NET.
Attribute |
Data Type |
Description |
|---|---|---|
defaultProvider |
String |
The name of the default membership provider. This value must match the name attribute of one of the add elements. This attribute is required. |
providers Element
The providers element is a container for the add element.
add Element
The add element describes the membership provider. This element is required.
The following table lists the attributes of the add element that Commerce Server uses. You can also specify additional elements that are defined by ASP.NET.
Attribute |
Data Type |
Description |
|---|---|---|
name |
String |
The name to use to refer to this provider. This attribute is required. |
Type |
String |
The implementation of the custom membership provider. Set this to the string "Microsoft.CommerceServer.Runtime.Profiles.UpmMembershipProvider". This attribute is required. |
profileDefinitionName |
String |
The name of the profile definition that you use to store user data. The default value is the string "UserObject". This attribute is required. |
maxInvalidPasswordAttempts |
String |
The maximum number of times that a user may provide a password that is not valid. If the user provides more than the maximum of passwords that are not valid, the user's account will be disabled. A value of zero indicates that there is no limit to the number of times that a user can provide a password that is not valid. The value of this attribute must represent an integer. The default value is 5. ASP.NET will only implement this functionality if the user profile definition contains the following fields:
This attribute is required. |
passwordAttemptWindow |
String |
The amount of time, in minutes, after which the user's count of passwords that are not valid will be reset to zero. The time window begins again each time the user enters a password that is not valid. If the user's account is disabled, the count of passwords that are not valid is not reset to zero. A value of zero indicates that the count of passwords that are not valid is never automatically reset. The value of this attribute must represent an integer. The default value is 10. ASP.NET will only implement this functionality if the user profile definition contains the following fields:
This attribute is required. |
passwordLockoutPeriod |
String |
The amount of time, in minutes, that must elapse before the user's account is automatically reactivated. A value of zero indicates the account is never automatically reactivated. The value of this attribute must represent an integer. The default value is 0. ASP.NET will only implement this functionality if the user profile definition contains the following fields:
This attribute is required. |
requiresApproval |
String |
A value of true indicates that new user accounts will be created with the status Unapproved. A value of false indicates that new user accounts will be created with the status Active. The value of this attribute must represent a Boolean. The default value is false. .gif "Note") Note:
If you provide the requiresApproval attribute, the user profile definition must also contain the AccountInfo.account_status field.
This attribute is required. |
enablePasswordReset |
String |
A value of true indicates that users may reset their own passwords. A value of false indicates that passwords may only be reset by using the Customers and Orders Manager. The value of this attribute must represent a Boolean. The default value is false. This attribute is required. |
writeExceptionsToEventLog |
String |
Specifies whether exceptions in the membership provider will be written to the system event log. The value of this attribute must represent a Boolean. The default value is true. This attribute is required. |
logonNameProperty |
String |
The name of the property of the ProfileDefinitionName object whose value is used as the default logon ID. The default value is "GeneralInfo.email_address". This attribute is required. |
Remarks
ASP.NET ignores the requiresQuestionAndAnswer and requiresUniqueEmail attributes to the add element if you use the Commerce Server membership provider. For information about how to modify the user profile definition to implement this, see How to Enable Logons by Using the Commerce Server Membership Provider.
To use the Commerce Server membership provider, you must configure ASP.NET to use forms authentication.
Example
The following example is the simplest way to configure ASP.NET to use the Commerce Server membership provider. This example provides only the required attributes, and uses the default values of all other attributes.
<authentication mode="Forms" />
<membership defaultProvider="UpmProvider">
<providers>
<add
name="UpmProvider"
type="Microsoft.CommerceServer.Runtime.Profiles.UpmMembershipProvider"
/>
</providers>
</membership>
The following example specifies that users will be logged out if they have been inactive for fifteen minutes, and lets users reset their own passwords. Note that the userIsOnlineTimeWindow attribute is a general ASP.NET attribute — it is not specific to the Commerce Server membership provider.
<authentication mode="Forms" />
<membership defaultProvider="UpmProvider" userIsOnlineTimeWindow="15">
<providers>
<add
name="UpmProvider"
type="Microsoft.CommerceServer.Runtime.Profiles.UpmMembershipProvider"
enablePasswordRest="true"
logonNameProperty="GeneralInfo.account_number"
/>
</providers>
</membership>
See Also
Other Resources
How to Enable Logons by Using the Commerce Server Membership Provider