How do I use a ASP.NET Login control without using a MembershipProvider?

asp.net login asp.net-membership

36,996

Solution 1

You can just drop the asp:Login control in your page, then in the code behind, catch the Login Control's Authenticate event.

In the Authenticate event, check the username/password that the user has entered. The username/password are properties in the login control. (LoginCtrl.UserName, LoginCtrl.Password)

If the username/password is correct, just set the event args Authenticated property to True.

No membership provider is required.

ex. In the aspx page..

<asp:Login ID="LoginCtrl" runat="server" DestinationPageUrl="YouAreIn.aspx"></asp:Login>

In Code Behind

Private Sub Log_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles LoginCtrl.Authenticate
    If LoginCtrl.UserName = "Hello" AndAlso LoginCtrl.Password = "Hello" Then
        e.Authenticated = True
    End If

void MyLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
    if(UserName == "Hello" && Password == "Hello")
        e.Authenticated = true;
}

Solution 2

If you don't have a membership provider and don't really have a security system to speak of, just put two boxes on a form (user name, password) and test it in the onclick of the button.

The login control is obviously overkill for what your trying to do.

Solution 3

Use Simple Forms Authentication.

36,996

Author by

Tjkoopa

For me, fun is taking a program, language, whatever and making it do things it's designer never envisioned it doing. It comes in handy when I'm asked to do something a little outside the norm as part of my job.

Updated on October 15, 2020

Comments

Tjkoopa over 3 years
This is an offshoot of this question.
- How do I use a Login control if I don't have a MembershipProvider to point it at?
- Am I understanding the use model correctly?
- Is it even reasonable to talk about using a Login control without a MembershipProvider?
- Dose the MembershipProvider do more than just username/password checking?
- Would it be more reasonable to create my own MembershipProvider with the same authentication logic?
In my case, I don't need a MembershipProvider (I think) as my authentication situation is trivial (one user, one password).

I'm interested partly to "future proof" my page and partly because I'm new and wondering about how stuff works. (I tend to learn about things by running full speed into every corner case I can find :)
Tjkoopa almost 15 years

That might work in my case but it doesn't answer the question.
Tjkoopa almost 15 years

you are probably correct... for now. Also that forces me to figure out how to deal with cookies and redirection and whatnot.
Justin Largey almost 15 years

Also, to force the user to go to the login page, use forms authentication.
Tjkoopa almost 15 years

If only it were so easy. I just tried it and the login jumps directly back into the login page rather than the page it was redirected from.
Justin Largey almost 15 years

BCS - Did you set the DestinationPageUrl?
Tjkoopa almost 15 years

No, but every source I've found up to now indicates that the default will be the page that redirected to the login page.
Justin Largey almost 15 years

in your web.config are you denying anonymous users? <authorization> <deny users="?"/> <allow users="*"/> </authorization> also, here's my authentication settings, just for reference. <authentication mode="Forms"> <forms loginUrl="login.aspx" protection="All" path="/" timeout="30"></forms> </authentication>
Tjkoopa almost 15 years

I'm not having trouble creating a cookie, I just haven't ever worked with it and would rather not have to learn right now.
Justin Largey almost 15 years

the comments don't seem to format XML properly. When you say referring page, do you mean the page the user was one to get to your login page? or the page the user was access before being prompted to login? or something else?
Tjkoopa almost 15 years

After fixing web.conf it works without setting DestinationPageUrl.
Justin Largey almost 15 years

oh, cool, did you set the defaultUrl in the web.config instead?
Tjkoopa almost 15 years

Nope, it works as expected: if left unset, it goes right back to the page that redirected to Loging.aspx whatever that happens to be this time.
jp2code about 8 years

@BCS - could I get a cleaned version of this code? I'm interested in getting something like this to work (C#), but the Login control doesn't appear to have any Event Handlers like Justin wired up. Also, there seems to be a lot of the solution in the comments. I don't know what is good and what is not.