By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,997 Members | 1,470 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,997 IT Pros & Developers. It's quick & easy.

Problem handling Login control Authenticate event

P: n/a
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0.
The existing ASP application has several types of users, each with a separate
login process (separate login page, separate DB tables, etc). For one of
these user types, the current application has an additional input field
required for login… they have a username, password, and another “location
code” field. Please don’t make me explain or justify this… the mandate is
for the new ASP.NET 2.0 site not to require users to log in any differently.

I concatenate the existing username with the “location code”, with a
delimiter character between them. This way I can transition the existing
logins to the aspnet_DB schema that uses the normal username & password
fields. Users who input the additional “location code” field will not know
it, but their username will actually be the form of “current username +
delimiter + location code”.

I have converted the built-in Login control to use a Template, and have the
means to show/hide the extra textbox. I am handling the Login control’s
Authenticate event (code below), and when the extra input field is submitted
I concatenate the username with the location code, passing these to
Membership.ValidateUser(). This seems to work fine, it returns true and the
next call to FormsAuthentication.RedirectFromLoginPage() works, and the login
seems to work (access is granted to appropriate pages based on web.config,
LoginStatus control displays correctly, etc.)

However, for the users where this concatenation of the two input field
values is executed, the login is somehow not really complete. In these
cases, Membership.GetUser() returns null, and the LoginName control displays
only the username entered in the default input field, not the full string
that I build with the concatenation of the extra “location code” input field.

For user types where the extra field is not present and the concatenation is
not done, Membership.GetUser() returns the correct user object.

What am I missing? Is there some other event I need to handle, or method I
need to call? In the .NET 2.0 doc files, “about Membership class” the
Example code only references Membership.ValidateUser() and
FormsAuthentication.RedirectFromLoginPage() - though this is not handling the
Authenticate event, but is just a traditional login with textboxes, not the
Login control.

Thanks in advance!!

CODE:
Protected Sub MyLogin_Authenticate(ByVal sender As Object, ByVal e As
System.Web.UI.WebControls.AuthenticateEventArgs) Handles MyLogin.Authenticate

Dim username, password, location As String

username = MyLogin.UserName
password = MyLogin.Password

' concat location with username for special login,
' allows them to log in the same way they always have,
' while allowing us to use Membership API based on username & password
If m_LoginUserType = LoginType.Special Then
location = DirectCast(MyLogin.FindControl("Location"), TextBox).Text.Trim()
If location.Length > 0 Then
username = username & "~" & location
End If
End If

e.Authenticated = Membership.ValidateUser(username, password)

If e.Authenticated Then
FormsAuthentication.RedirectFromLoginPage(username , False)
End If

End Sub
Feb 7 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
I seem to have found my own solution... I'm posting in case anyone else will
find this helpful. I added an event handler for the Login control LoggingIn
event. In this handler method I directly modify the Login control UserName
property when the login is my special case, doing the concatenation of the
additional input field with the UserName. This way, when the Authenticate
event fires next, the value has already been modified as I need it. Now,
everything works, including Membership.GetUser() returning a valid object.

There is definitely something about the way I was doing it before that is
not sufficient... the same two method calls - Membership.ValidateUser() and
FormsAuthentication.RedirectFromLoginPage() - ARE sufficient to do everything
on a regular ASPX page with textboxes and a button click event, but NOT when
you just handle the Login control Authenticate event. I also have a need to
accept a simple HTML form post to allow a login from a web page outside my
new ASP.NET app (still in same web domain). For this I use the same two
method calls and everything works fine. But with the Login control, despite
my Authenticate code shown in my post above, there was still something going
on under the hood resulting in a partially incomplete login (see above).
"EricRybarczyk" wrote:
What am I missing? Is there some other event I need to handle, or method I
need to call? In the .NET 2.0 doc files, “about Membership class” the
Example code only references Membership.ValidateUser() and
FormsAuthentication.RedirectFromLoginPage() - though this is not handling the
Authenticate event, but is just a traditional login with textboxes, not the
Login control.


Feb 8 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.