How to use Forms Authentication’s User Definitions with the Login Control

In ASP.NET 1.1 we already had definitions of name and password credentials within the configuration file. We just didn't have a Login control.


Now we have both but the Login control is set by default to use the default membership provider.


How can we use both of them together?


Well, there are two ways, depending on your will or needs:



  1. Using the Login control with FormsAuthentication

    This is the easiest way, you just need to handle the Authenticate event of the Login control.

    Login.aspx

    <!-- ... -->


    <asp:Login ID="Login1" runat="server" DisplayRememberMe="False" OnAuthenticate="Login1_Authenticate">


    </asp:Login>


    <!-- ... -->


     

    Login.aspx.cs

    // ...

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

    {


        e.Authenticated = FormsAuthentication.Authenticate(Login1.UserName, Login1.Password);


    }


    // ...


     


  2. Using FormsAuthentication as the membership provider

    This one is a bit trickier.


    First you don't need to handle the Authenticate event.


     

    Login.aspx

    <!-- ... -->


    <asp:Login ID="Login1" runat="server" DisplayRememberMe="False">


    </asp:Login>


    <!-- ... -->


    Then you need to implement a membership provider that uses FormsAuthentication.


     


     

    FormsAuthenticationMembershipProvider.cs

    public class FormsAuthenticationMembershipProvider : System.Web.Security.MembershipProvider


    {


        private string applicationName;


     


        public override string ApplicationName


        {


            get { return this.applicationName; }


            set { this.applicationName = value; }


        }


     


        public override bool EnablePasswordReset


        {


            get { return false; }


        }


     


        public override bool EnablePasswordRetrieval


        {


            get { return false; }


        }


     


        public override bool ValidateUser(string username, string password)


        {


            return FormsAuthentication.Authenticate(username, password);


        }


     


        // Not Implemented MembershipProvider Members


    }


    And register it in the configuration file.

6 Responses to How to use Forms Authentication’s User Definitions with the Login Control

  • Luis Abreu says:

    Or set the MembershipProvider property of the login control if you only want to use that provider in the login page.

  • satellite says:

    can any tell me a way to override the authenticate method, I know it is a sealed class, but I require it.

  • Which authenticate method?

  • Arthur says:

    The first method which is:

    e.Authenticated = FormsAuthentication.Authenticate(Login1.UserName, Login1.Password);

    seems not to be working.

    I use instead of it:
    if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
    {
    FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
    //e.Authenticated = true;

    }
    else
    {
    e.Authenticated = false;
    }

  • paulo says:

    Hi Arthur,

    With your approach you loose the LoggedIn event of the Login control.

    What exactly isn’t working?

  • BNewport says:

    Thank you… thank you.. thank you!!!