What to call after validateUser() for forms authentication?

1
votes

I made a custom membership provider and overrode the ValidateUser method, but now I am confused. I am not using any Login controls, I just have a site wide login (username and password box) on a masterpage.

Questions:

  1. Do I need to call the ValidateUser() method myself? If so, what are the next steps to take? Do I create the auth cookie which methods do I need to call to complete the login?

  2. I need to return some custom user data if the user is authenticated. Is it better to call GetUser and check for null or just call ValidateUser and then grab a user object?

    1. Where and how should I store the custom data for the user? Is it stored in the identity object? Should I store it in the MembershipUser Object?
1
asp.netwebformsasp.net-membershipforms-authentication

1 Answers

2
votes

Yes, you verify that the credentials are correct by doing a call such as

Membership.ValidateUser(TextBoxUsername.Text, TextBoxPassword.Text)

If the above call returns true then you need to set the authentication cookie like so:

FormsAuthentication.SetAuthCookie(TextBoxUsername.Text, CheckboxRememberMe.Checked);

There I used a "remember me" checkbox if you want to login automatically next time.

To get the user details you can call

Membership.FindUsersByName(TextBoxUsername.Text)

The most handy place you can store the user details is the session.

You didn't ask, but just as important would be a log out page. The functionality needed to undo the login steps are:

FormsAuthentication.SignOut();
Session.Abandon();
Response.Redirect("~/login.aspx", false);//or homepage, or any other page