Attribute

Default Value

Notes

connectionStringName

Points to a connection string contained in the connection strings configuration section. This attribute is required because it points to the primary LDAP bind string that is used for create, update, get, and validate operations.

connectionUserName

Defines the user name used for authentication purposes when connecting to the directory. If this attribute is specified, the companion connectionPassword attribute must also be specified. This attribute is used to configure a set of credentials that can be used to connect to the directory (instead of using the process account or impersonation credentials that are in effect at the time the provider connects to the directory).

connectionPassword

Defines the password used for authentication purposes when connecting to the directory. If this attribute is specified, the companion connectionUserName attribute must also be specified. This attribute is used to configure a set of credentials that can be used to connect to the directory (instead of using the process account or impersonation credentials that are in effect at the time the provider connects to the directory).

connectionProtection

Secure

Defines the transport layer security options that are used when opening connections to the directory. This attribute can have a string value of "Secure" or "None".

If set to "Secure", the provider attempts to select the highest level of connection security available, based on the type of directory that the provider connects to. The protection is determined as follows:
SSL is first attempted because SSL is an option that works with both Active Directory and ADAM (ActiveDirectoryConnection
Protection.Ssl).
If SSL is not available and the provider is connecting to Active Directory or to a domain-joined ADAM instance, encrypt-sign-and-seal is used (ActiveDirectoryConnection
Protection.SignAndSeal).
If neither SSL nor encrypt-sign-seal is available, the provider generates a ProviderException, stating that it could not automatically select a secure connection to the configured directory.

enablePasswordReset

False

Controls whether or not a password can be reset. For security reasons, with the ActiveDirectoryMembershipProvider, this attribute can only be set to true if all of the following have been set:
requiresQuestionAndAnswer is set to true.
passwordQuestion, passwordAnswer, attributeMapFailedPasswordAnswer
Count, attributeMapFailedPassword
AnswerTime, and attributeMapFailed
PasswordAnswerLockoutTime have been mapped to attributes in the directory.
Note: Even if this attribute is set to true, password resets are allowed only if the credentials used to perform the reset have Administrator privileges in Active Directory..

enableSearchMethods

False

Allows an administrator to set whether or not search-oriented methods can be called on the provider instance. Because methods such as Find* and GetAllUsers can be very expensive, the default value for this attribute is false.
The following methods throw a NotSupportedException if they are called when this attribute is set to false:
FindUsersByName
FindUsersByEmail
GetAllUsers

requiresQuestionAnd
Answer

False

Determines whether a password question and answer are required for a password reset.

For security reasons, with ActiveDirectoryMembership
Provider, this attribute can only be set to true if all of the following have been set:
attributeMapPasswordQuestion, attributeMapPasswordAnswer, attributeMapFailedPasswordAnswerCount, attributeMapFailedPasswordAnswerTime, and attributeMapFailedPasswordAnswerLockoutTime

applicationName

/

For this provider, applicationName is included for completeness with other providers. Internally, it does not matter what value is placed here because the application name is not used. The maximum value is 256 characters.

requiresUniqueEmail

False

Specifies whether the e-mail values used in the application must be unique.

maxInvalidPassword
Attempts

5

Indicates the number of failed password attempts or failed password answer attempts allowed before a user's account is locked. When the number of failed attempts equals the value set in this attribute, the user's account is locked out.

For the Active Directory provider, this attribute applies only to managing resets that use a password answer. Active Directory manages bad password attempts internally.

passwordAttempt
Window

10

Indicates the time window, in minutes, during which failed password attempts and failed password answer attempts are tracked.

For the Active Directory provider, this attribute applies only to managing resets that use a password answer. Active Directory manages bad password attempts internally.

passwordAnswer
AttemptLockout
Duration

30

Specifies the duration, in minutes, that a lockout due to a bad password answer is considered still in effect. Because Active Directory uses the concept of timing out bad password lockouts, this attribute is necessary to support a similar concept of timing bad password answer attempts.

minRequiredPassword
Length

7

Specifies the minimum number of characters required in a password. The value can be from 1 to 128.

minRequiredNonAlpha
numericCharacters

1

Specifies the minimum number of non-alphanumeric characters required in a password. This configuration attribute cannot be set to a value greater than the value of the minRequiredPasswordLength. This means the configuration setting must be in the range of
0–minRequiredPasswordLength, inclusive of minRequiredPasswordLength.

passwordStrength
RegularExpression

""

Provides a valid regular expression that the provider will use as part of password strength validation.

attributeMapUsername

userPrincipalName

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.
The only directory attributes for mapping to a username if you are using Active Directory are userPrincipalName or sAMAccountName. The only allowed directory attributes for mapping to username if you are using ADAM is userPrincipalName.

attributeMapEmail

Mail

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

attributeMapPassword
Question

UNDEFINED

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

attributeMapPassword
Answer

UNDEFINED

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

attributeMapFailed
PasswordAnswerCount

UNDEFINED

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

attributeMapFailed
PasswordAnswerTime

UNDEFINED

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

attributeMapFailed
PasswordAnswer
LockoutTime

UNDEFINED

Defines the mapping from a property on a MembershipUser object to an attribute within the directory.

属性

默认

用途

connectionStringName

SQL SERVER的连接字符串

enablePasswordReset

False

密码能否重置
安全原因，只有当
requiresQuestionAndAnswer 设置为 true的时候你才可以设置enablePasswordReset为true

requiresQuestionAnd
Answer

False

是否需要启用取回密码

applicationName

/

设置了它可以让多个应用程序在数据库内有所区分，不需要为每个应用建立一个数据库了

requiresUniqueEmail

False

邮件地址是否需要唯一

maxInvalidPassword
Attempts

5

密码输入错误几次就会锁定用户

passwordAttempt
Window

10

每分钟可以失败的次数

passwordFormat

密码方式 Clear, Encrypted, 和Hashed. 第一种是明文存储，效率比较高，但是SQL SERVER中能直接读取密码，不安全. 第二种是不可逆加密，需要一定的加密换算过程，但是比较安全.第三种是可逆加密，密码不能找回

minRequiredPassword
Length

7

指定至少密码需要几位

minRequiredNonAlpha
numericCharacters

1

指定需要是非数字字母作为密码的位数，不能大于minRequiredPassword
Length

passwordStrength
RegularExpression

""

指定强度计算的正则表达式

方法名

参数

备注

CreateUser

string username–创建的用户名.
string password–新用户密码
string email–新用户mail地址
string passwordQuestion
string passwordAnswer
bool IsApproved
object providerUserKey

DeleteUser

string username–需要删除的用户名
bool removeAllRelatedData

返回true表示删除，false表示没有找到

FindUsersByName

string usernameToMatch
int pageIndex
int pageSize

返回找到的用户的集合，支持通配符 "*", "%" 和 "_".

FindUsersByEmail

string emailToMatch
int pageIndex
int pageSize

GeneratePassword

int length
Int numberOfNonAlpha
NumericCharacters

GetAllUsers

int pageIndex
int pageSize

返回用户记录集

GetNumberOfUsersOnline

None

返回在线的用户，活动目录不支持

GetUsernameByEmail

string email–需要查找的用户的mail地址

UpdateUser

MembershipUser user–需要更新的用户名

ValidateUser

string username–需要验证的用户名
string password–需要验证的密码