Login control FAQ :
This post contains some of the most asked questions when using login
control.
1- how to redirect users to different pages based on their roles.
This can be done by handling the LoggedIn
event of the Login control.
protected void Login1_LoggedIn(object sender, EventArgs e) {
// if there is no returnUrl in the query string , we redirect based on user role
if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
{
// please don't use User.IsInRole here , because it will not be populated yet at this stage.
if (Roles.IsUserInRole(Login1.UserName, "Admins"))
Response.Redirect("~/Admins/Default.aspx");
else if (Roles.IsUserInRole(Login1.UserName, "Editors"))
Response.Redirect("~/Editors/Default.aspx");
}
}
2- how to hide the login control for the logged in users ?
To hide the login control for the logged in users , set it’s VisibleWhenLoggedIn property to false.
<asp:Login ID="Login1" runat="server" VisibleWhenLoggedIn="False" …
You can also use the LoginView control to accomplish that :
<asp:LoginView ID="LoginView1" runat="server">
<AnonymousTemplate>
<asp:Login ID="Login1" runat="server">
</asp:Login>
</AnonymousTemplate>
</asp:LoginView>
3-How to hide “remember me next time” checkbox ?
You may need to prevent the users from checking “remember me next time” checkbox to prevent crating a persistent authentication cookie.
To do that , you just need to set it’s DisplayRememberMe property to “false” and then you need to set it’s RememberMeSet property.
If you want to force the website to remember the users , you set the RememberMeSet property to true, else you set it to false.
<asp:Login ID="Login1" runat="server" DisplayRememberMe="false" RememberMeSet="false" …
4-How to use the login control with my existing users table ?
By default,Login control will use the membership provider to validate users credentials , but if you already have your custom users table ,
you can use the login control like this :
protected void Login1_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)
{
string userName = Login1.UserName;
string password = Login1.Password;
bool result = UserLogin(userName, password);
if ((result))
{
e.Authenticated = true;
}
else
{
e.Authenticated = false;
}
}
private bool UserLogin(string userName, string password)
{
// read the coonection string from web.config
string conString = ConfigurationManager.ConnectionStrings["ConnectionStringName"].ConnectionString;
using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(conString))
{
//' declare the command that will be used to execute the select statement
SqlCommand com = new SqlCommand("SELECT UserName FROM Users WHERE UserName = @UserName AND Password = @Password", con);
// set the username and password parameters
com.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = userName;
com.Parameters.Add("@Password", SqlDbType.NVarChar).Value = password;
//' execute the select command
try
{
con.Open();
//' execute the select statment
string result = Convert.ToString(com.ExecuteScalar());
//' check the result
if (string.IsNullOrEmpty(result))
{
//invalid user/password , return flase
return false;
}
else
{
// else return true , valid login
return true;
}
}
catch (Exception ex)
{
throw;
}
}
}
5-I don’t want the login control to render as html table , instead i want it to render as div , how to do that ?
You can use the CSS friendly control adapters , check this link.
6- I’m getting invalid login after i published my website , the user name and password was working locally , what’s the problem ?
One possible reason is the applicationName in membership configuration, check this link for more information .
7-After i published my website , I’m getting System.Web.Security.SqlMembershipProvider'
requires a database schema compatible with schema version '1' .. error ,what to do ?
One possible reason is that the published version of "aspnet_SchemaVersions" table doesn't have the correct values ,
please make sure that it have the values like below :
| Feature | CompatibleSchemaVersion | IsCurrentVersion |
| common | 1 | TRUE |
| health monitoring | 1 | TRUE |
| membership | 1 | TRUE |
| personalization | 1 | TRUE |
| profile | 1 | TRUE |
| role manager | 1 | TRUE |
8-How to display the login in popup ?
http://weblogs.asp.net/lkempe/archive/2007/01/28/login-control-in-an-asp-net-ajax-toolkit-popupcontrolextender-with-a-close-button.aspx
9- How can i log the invalid login attempts ?
You can handle the LoginError event of the login control :
protected void Login1_LoginError(object sender, EventArgs e)
{
// here you can login the invalid attempts
string UserName = Login1.UserName;
string Password = Login1.Password;
// log the attempt
}
10-I specified my website users inside the credential section in web.config , can i still use the login control ?
Yes you can , you just need to handle the login control authenticate event .
Assume you have this Credential section in web.config :
<authentication mode="Forms">
<forms>
<credentials passwordFormat="Clear">
<user name="User1" password="****" />
<user name="User2" password="****" />
</credentials>
</forms>
</authentication>
You can let the login control use the mentioned section like this :
protected void Login1_Authenticate(object sender, System.Web.UI.WebControls.AuthenticateEventArgs e)
{
string UserName = Login1.UserName;
string Password = Login1.Password;
if (FormsAuthentication.Authenticate(UserName, Password))
{
e.Authenticated = true;
}
else
{
e.Authenticated = false;
}
}
The FormsAuthentication.Authenticate method will automatically check users against the credential section.
11- I'm not using FormsAuthenticaiton, instead I'm using the session object to secure my website , can i still use the login control ?
Yes , you can; please read my post about this.
Hope it helps.