The Plain Text Membership Provider
is very simple provider for low-security scenarios. stores limited amout of user information (user name, e-mail and plaintext password) in simple text file. This membership provider was created for cases when there is no administration interface and the user database should be maintained by hand by unskilled user. For example for photo gallery, where certain section is intended only for friends.
Storing plain text password is security risk. On the other hand, we can't require common users to perform hashes if the goal is to make the database editable by hand.
The data file structure
The data file is by default named ~/App_Data/users.txt
. Placement in the App_Data
folder ensures that its contents is protected from simple HTTP query.
The file contains one line for each user, where the user name, e-mail address and password are stored in TAB-separated format:
user1 email@example.com user1password
user2 firstname.lastname@example.org user2password
file for utilizing PlainTextMembershipProvider
<compilation debug="true" />
<forms defaultUrl="~/Auth/Default.aspx" loginUrl="~/Default.aspx" />
Provider configuration attributes
- dataFilePath - virtual path to data file; default is ~/App_Data/users.txt.
- ignoreInvalidLines - if set to true (default), invalid lines in the above file are ignored (and deleted in next modification); if set to false, provider throws exception on invalid line.
- cacheExpirationTime - number of minutes to keep user table in memory, by default 60; the cache is cleared when data file is modified or cacheExpirationTime minutes after last request. Generally, you wouldn't modify that value, because it may only help to release the memory faster and the provider is not likely to consume much memory. If you have lots of users, you would probably use more complex storage than plain text file.