This is the way you can configure some security aspects of your application:

     //this configuration was copied from machine.config to web.config xml to be able to customize some security aspects:
    <system.web>
        ...
        <membership>
                <providers>
                    <remove name="AspNetSqlMembershipProvider"/>
                    <add name="AspNetSqlMembershipProvider"
                         type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                         connectionStringName="myConnectionString"
                         enablePasswordRetrieval="false"
                         enablePasswordReset="true"
                         requiresQuestionAndAnswer="false"
                         applicationName="/"
                         requiresUniqueEmail="true"
                         passwordFormat="Hashed"
                         maxInvalidPasswordAttempts="5000"
                         minRequiredPasswordLength="4"
                         minRequiredNonalphanumericCharacters="0"
                         passwordAttemptWindow="10"
                         passwordStrengthRegularExpression="" />
                </providers>
            </membership>
        ...
    </system.web>