Forms authentication in web.config

I am using MVC3 and have put the user authentication in the web.config file. This is to bypass sqlserver authentication.

code as below in web.config:

<authentication mode=开发者_开发百科"Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" >
        <credentials passwordFormat="Clear">
          <user name="test123" password="test123" />
        </credentials>
      </forms>
</authentication>

I tried login with the mentioned user id and password, I am getting error in the page as

Login was unsuccessful. Please correct the errors and try again.

* The user name or password provided is incorrect.

when I debug into the AccountController.cs file, failing at the MembershipService.ValidateUser(model.UserName, model.Password) method.

If you examine standard ASP.NET MVC 3 AccountController.cs and AccountModels.cs files you'll learn what MembershipProvider.ValidateUser method is used internally (via Membership.Provider). If you want to store password in web.config you should use FormsAuthentication.Authenticate method instead.

For example:

public class AuthorizationController : Controller
{
    public ActionResult LogOn()
    {
        return View("LogOn");
    }

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult LogOn(string userName, string password, 
        bool rememberMe, string returnUrl)
    {
        if (!ValidateLogOn(userName, password))
            return View("LogOn");

        FormsAuthentication.SetAuthCookie(userName, rememberMe);

        if (!string.IsNullOrEmpty(returnUrl))
            return Redirect(returnUrl);
        else
            return RedirectToAction("Index", "News");

    }

    private bool ValidateLogOn(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName))
            ModelState.AddModelError("username", "User name required");

        if (string.IsNullOrEmpty(password))
            ModelState.AddModelError("password", "Password required");

        if (ModelState.IsValid && !FormsAuthentication.
            Authenticate(userName, password))
            ModelState.AddModelError("_FORM", "Wrong user name or password");

        return ModelState.IsValid;
    }

    public RedirectToRouteResult LogOff()
    {
        FormsAuthentication.SignOut();

        return RedirectToAction("LogOn");
    }
}