How to program the ASP.NET Membership Login control in C#

The ASP.NET membership Login control supports several events and properties and you can use them to customize its behavior. The Login control supports the next events:

Event

Description

LoggingInRaised before the user gets authenticated by the control.
Authenticate

Raised to authenticate the user. If you handle this event, you have to authenticate the user on your own, and the Login control completely relies on your authentication code.

LoggedInRaised after the user has been authenticated by the control.
LoginError

Raised when the login of the user failed for some reason (such as a wrong password or user name).

The Login control fires the events in the following order:

 

The order of Login control events in C#

The order of Login control events in C#

You can handle the first three events (described in the table):

– To perform some actions before the user gets authenticated.

– After the user has been authenticated.

– If an error has happened during the authentication process.

The next example shows how you can use the LoginError event to automatically redirect the user to the password recovery page after a specific number of attempts:

protected void LoginCtrl_LoginError(object sender, EventArgs e)

{

// If the “LoginErrors” state does not exist, create it

if (ViewState[“LoginErrors”] == null)

ViewState[“LoginErrors”] = 0;

 

// Increase the number of invalid logins

int ErrorCount = (int)ViewState[“LoginErrors”] + 1;

ViewState[“LoginErrors”] = ErrorCount;

 

// Now validate the number of errors

if ((ErrorCount > 3) && (LoginCtrl.PasswordRecoveryUrl != string.Empty))

Response.Redirect(LoginCtrl.PasswordRecoveryUrl);

}

If you are planning to handle the event, you have to add your own code for validating the user name and password. The Authenticate event receives an instance of AuthenticateEventArgs as a parameter. This event argument class has a property called Authenticated. If you set this property to true, the Login control assumes that authentication was successful and raises the LoggedIn event. If set to false, it displays the FailureText and raises the LoginError event:

protected bool MyValidationFunction(string UserName, string Password)

{

// Body must be developed….

return true;

}

protected void LoginCtrl_Authenticate(object sender, AuthenticateEventArgs e)

{

if (MyValidationFunction(LoginCtrl.UserName, LoginCtrl.Password))

{

e.Authenticated = true;

}

else

{

e.Authenticated = false;

}

}

You have direct access to the entered values through the UserName and Password properties that contain the text entered in the corresponding text boxes. In case you are using template control and require the value of another control in addition to the controls with the IDs UserName and Password, you can use the control’s FindControl method to get the control. This method requires the ID of the control and returns an instance of System.Web.UI.Control. You then just cast the control to the appropriate type and read the values you require for your custom credential validation method. The following Login control uses a template with an additional control that you will use later in the Authenticate event in your code:

<form id=”form1″ runat=”server”>

<div align=”center”>

<asp:Login ID=”OtherLoginCtrl” runat=”server” BorderColor=”Black” BorderStyle=”Solid”

OnAuthenticate=”OtherLoginCtrl_Authenticate” PasswordRecoveryUrl=”~/PasswordRecovery.aspx”

BackColor=”Orange” BorderWidth=”1px”>

<LayoutTemplate>

<div align=”center”>

<table>

<tr>

<td>

<div align=”left”>

UserKeys:

</div>

</td>

<td>

<asp:TextBox ID=”AccessKey” runat=”server” Width=”160px”></asp:TextBox>

</td>

</tr>

<tr>

<td>

<div align=”left”>

UserName:

</div>

</td>

<td>

<asp:TextBox ID=”UserName” runat=”server” Width=”160px”></asp:TextBox>

</td>

</tr>

<tr>

<td>

<div align=”left”>

Password:

</div>

</td>

<td>

<asp:TextBox ID=”Password” runat=”server” TextMode=”Password” Width=”160px”></asp:TextBox>

</td>

</tr>

</table>

<asp:Button ID=”Login” runat=”server” Text=”Log In” CommandName=”Login” />

</div>

</LayoutTemplate>

</asp:Login>

</div>

</form>

 

 

Using of template in login control in C#

Using of template in login control in C#

 

In the previous code example, the user’s key is an additional value that must be provided by the user for successfully logging in. To include this value into your credential validation process, you have to modify the contents of the Authenticate event as follows:

protected bool MyValidation(string AccessKey, string UserName, string Password)

{

// Body must be developed….

return true;

}

 

protected void LoginCtrl_Authenticate(object sender, AuthenticateEventArgs e)

{

TextBox AccessKeyText = (TextBox)OtherLoginCtrl.FindControl(“AccessKey”);

if (MyValidation(AccessKeyText.Text, OtherLoginCtrl.UserName, OtherLoginCtrl.Password))

{

e.Authenticated = true;

}

else

{

e.Authenticated = false;

}

}