How to make WebSecurity.Login to login using username or email?
Solution 1
You could inherit from the SimpleMembershipProvider
and just override the ValidateUser
method like this.
public class ExtendedSimpleMembershipProvider : SimpleMembershipProvider
{
public override bool ValidateUser(string login, string password)
{
// check to see if the login passed is an email address
if (IsValidEmail(login))
{
string actualUsername = base.GetUserNameByEmail(login);
return base.ValidateUser(actualUsername, password);
}
else
{
return base.ValidateUser(login, password);
}
}
bool IsValidEmail(string strIn)
{
// Return true if strIn is in valid e-mail format.
return Regex.IsMatch(strIn, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
}
}
This is just one approach. You could write your own MembershipProvider
but if you only need to change the ValidateUser
method this should work.
Add the following configuration to the web.config to setup the provider.
<membership defaultProvider="ExtendedSimpleMembershipProvider">
<providers>
<clear/>
<add name="ExtendedSimpleMembershipProvider"
type="MyProject.Web.SimpleMembershipProvider, MyProject.Web"/>
</providers>
</membership>
That should get you going in the right direction.
Solution 2
WebSecurity just calls FormsAuthentication
under the hood.
You can do this:
if (WebSecurity.UserExists(username))
{
FormsAuthentication.SetAuthCookie(username, false);
}
Curious why you need this feature. (FYI: My reasoning for needing this is if a user has authenticated with PayPal in an Express Checkout (shopping cart) flow I allow them to be auto-logged into my site as that same user because I consider the risk very low that it would not be the right person).
May be of use: Difference between FormsAuthentication and WebSecurity
Solution 3
You can just pull the user with given email from UserProfiles table
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
var login = false;
if (ModelState.IsValid)
{
if (!model.UserName.Contains("@"))
{
if (WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
login = true;
}
else
{
var targetUser = db.UserProfiles.Where(u => u.Email == model.UserName).FirstOrDefault();
if (targetUser != null && WebSecurity.Login(targetUser.UserName, model.Password, persistCookie: model.RememberMe))
login = true;
}
}
if (login)
return Redirect(returnUrl);
// If we got this far, something failed, redisplay form
ModelState.AddModelError("", "The user name or password provided is incorrect.");
return View(model);
}
Related videos on Youtube
Amr Elgarhy
Updated on July 09, 2022Comments
-
Amr Elgarhy almost 2 years
WebSecurity.Login
in simplemembership take username and password, how to make it to login the user using username or email instead of just username?, to make the user free to enter his email or username to login. -
aruno about 11 yearsI misunderstood the question and thought you meant without password - so that's what this is an answer for :)
-
rashleighp almost 11 yearsI'd agree that its easy to guess but your average user is going to use it or something easy to guess anyway. Say you had David Jones. He might use , david.jones, jonesd, djones. But they are all ludicrously guessable so I don't think that it would make too much of a difference.