Hi, I wanted to use the asp:login control on a page, just had 2 questions on it, if I want to use my own check for loggin in, not the memebership way, do i just override this method: Authenticate(object sender, AuthenticateEventArgs e) have it return set e.Authenticated = true/false for when i validate the user to be ok or not, is this correct? Also if i want to change the cookie thats set, how do i do that? I want to make sure the cookie stays for atleast 5 days, so the user doesn't need to login next time they come to the site, also can i add other values to the cookie, like userID? Thanks!

 U can set the cookie time out in authentication section of Web.Config file

 

<authentication mode="Forms">
   <forms name=".ASPXCOOKIEDEMO" loginUrl="login.aspx" protection="All" timeout="30" path="/">
                    <!-- protection="[All|None|Encryption|Validation]" -->
   </forms>
</authentication>

For more info read 

http://www.dotnetjunkies.com/QuickStartv20/aspnet/doc/security/formsauth.aspx 

 

pdassnyc:

do i just override this method: Authenticate(object sender, AuthenticateEventArgs e) have it return set e.Authenticated = true/false for when i validate the user to be ok or not, is this correct?

yes that's true , setting e.Handled to true will set the FormsAuthentication cookie ,

pdassnyc:

I want to make sure the cookie stays for atleast 5 days,

Change the Cookie timeout settings in web.config file , Under <system.web> section :

		<authentication mode="Forms">
			<forms timeout="7200"></forms>
		</authentication>

 The unit of timeout is minutes and so 7200 minutes = 5 days .

Note : the mentioned setting will make cookie expires after 5 days , but it will not make sure that the user will stays authenticated in case he/she closed his/her browser ( the user must check "remember me " checkbox that is in login control to get remembered ) , but you can override that by setting that checkbox to checked and by hiding it from the user :

    <asp:Login ID="Login1" runat="server" DisplayRememberMe="false" RememberMeSet="true">
    </asp:Login> 

 

pdassnyc:

also can i add other values to the cookie, like userID

 See this video

hi, one more question, the RememberMe feature of the control, does that do an auto fill as well? Meaning, if i login in correctly and get taken to the homepage, say the form timeout is set to 30, and then close the browser and return 10 mins later to the login page, will my details be prefilled or will the user be redirected to the homepage as if they logged in, since the timeout has not expired yet?

pdassnyc:

will my details be prefilled

No , it will not filled .

pdassnyc:

will the user be redirected to the homepage as if they logged in, since the timeout has not expired yet?

If the Authenticated user requested the Login page , he/she will not get redirected to home page, and so you may need to override this in login page, for example you can write this code in login page load :

 

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack && User.Identity.IsAuthenticated)
            Response.Redirect("Homepage.aspx");
    }

  

Hi

in web.config

<authentication mode="Forms">
   <forms loginUrl="Login.aspx" timeout="300000" protection="All" path="/" slidingExpiration="false"></forms>
  </authentication>
  <membership defaultProvider="MyProvider" userIsOnlineTimeWindow="25">
   <providers>
    <add name="MyProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="Bag_ConnStr" applicationName="/" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
   </providers>
  </membership>
  <roleManager defaultProvider="TaskRoleProvider" enabled="true">
   <providers>
    <add name="TaskRoleProvider" connectionStringName="Bag_ConnStr" applicationName="/" type="System.Web.Security.SqlRoleProvider"/>
   </providers>
  </roleManager>
  <!--SiteMap Provider-->
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
   <providers>
    <add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
   </providers>
  </siteMap>

just change connection string name with your's

and in Login page

protected void Login1_LoggedIn(object sender, EventArgs e)
    {

        TextBox TextBox1 = (TextBox)Login1.FindControl("UserName");
        //MembershipUser user = Membership.GetUser(TextBox1.Text);
        MembershipUser user = Membership.GetUser(Login1.UserName);

        if (Request.QueryString["ReturnUrl"] != null)
        {
            Response.Redirect(Request.QueryString["ReturnUrl"].ToString());
        }
        else
        {
            //-- check if login user in Admin role
            if (Roles.IsUserInRole(TextBox1.Text, "Admin"))
            {
                Response.Redirect("~/Admin/Default.aspx");

            }
            //-- check if login user in User role
            else if (Roles.IsUserInRole(TextBox1.Text, "User"))
            {
                Response.Redirect("~/User/Default.aspx");
            }
        }
       
    }

protected void Login1_LoginError(object sender, EventArgs e)
    {
        //There was a problem logging in the user

        //See if this user exists in the database
        MembershipUser userInfo = Membership.GetUser(Login1.UserName);

        if (userInfo == null)
        {
            //The user entered an invalid username...

            Login1.FailureText = "There is no user in the database with the username " + Login1.UserName;
        }
        else
        {
            //See if the user is locked out or not approved
            if (!userInfo.IsApproved)
            {

                Login1.FailureText = "Your account has not yet been approved by the site's administrators. Please try again later...";
            }
            else if (userInfo.IsLockedOut)
            {
                Login1.FailureText = "Your account has been locked out because of a maximum number of incorrect login attempts. You will NOT be able to login until you contact a site administrator and have your account unlocked.";
            }
            else
            {
                //The password was incorrect (don't show anything, the Login control already describes the problem)
                Login1.FailureText = string.Empty;
            }
        }

    }

Good Luck