I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0.
The existing ASP application has several types of users, each with a separate
login process (separate login page, separate DB tables, etc). For one of
these user types, the current application has an additional input field
required for login… they have a username, password, and another “location
code” field. Please don’t make me explain or justify this… the mandate is
for the new ASP.NET 2.0 site not to require users to log in any differently.
I concatenate the existing username with the “location code”, with a
delimiter character between them. This way I can transition the existing
logins to the aspnet_DB schema that uses the normal username & password
fields. Users who input the additional “location code” field will not know
it, but their username will actually be the form of “current username +
delimiter + location code”.
I have converted the built-in Login control to use a Template, and have the
means to show/hide the extra textbox. I am handling the Login control’s
Authenticate event (code below), and when the extra input field is submitted
I concatenate the username with the location code, passing these to
Membership.ValidateUser(). This seems to work fine, it returns true and the
next call to FormsAuthentication.RedirectFromLoginPage() works, and the login
seems to work (access is granted to appropriate pages based on web.config,
LoginStatus control displays correctly, etc.)
However, for the users where this concatenation of the two input field
values is executed, the login is somehow not really complete. In these
cases, Membership.GetUser() returns null, and the LoginName control displays
only the username entered in the default input field, not the full string
that I build with the concatenation of the extra “location code” input field.
For user types where the extra field is not present and the concatenation is
not done, Membership.GetUser() returns the correct user object.
What am I missing? Is there some other event I need to handle, or method I
need to call? In the .NET 2.0 doc files, “about Membership class” the
Example code only references Membership.ValidateUser() and
FormsAuthentication.RedirectFromLoginPage() - though this is not handling the
Authenticate event, but is just a traditional login with textboxes, not the
Login control.
Thanks in advance!!
CODE:
Protected Sub MyLogin_Authenticate(ByVal sender As Object, ByVal e As
System.Web.UI.WebControls.AuthenticateEventArgs) Handles MyLogin.Authenticate
Dim username, password, location As String
username = MyLogin.UserName
password = MyLogin.Password
' concat location with username for special login,
' allows them to log in the same way they always have,
' while allowing us to use Membership API based on username & password
If m_LoginUserType = LoginType.Special Then
location = DirectCast(MyLogin.FindControl("Location"), TextBox).Text.Trim()
If location.Length > 0 Then
username = username & "~" & location
End If
End If
e.Authenticated = Membership.ValidateUser(username, password)
If e.Authenticated Then
FormsAuthentication.RedirectFromLoginPage(username , False)
End If
End Sub