In this article I’ll explain how to authenticate users using ASP.Net Membership provider without using the ASP.Net Login Control.
HTML Markup
<div align = "right">
<asp:LinkButton ID="lnkLogOut" runat="server" Text = "Logout" OnClick = "Logout"/>
</div>
<div>
Login<br />
UserName:<asp:TextBox ID="txtUserName" runat="server" /><br />
Password:<asp:TextBox ID="txtPassword" runat="server" TextMode = "Password" /><br />
Rememeber Me:<asp:CheckBox ID="chkRememberMe" runat="server" /><br />
<asp:Button ID="btnLogin" runat="server" Text="Login" OnClick = "Login" />
</div>
Above you will notice I have two textboxes one for Username and other for the password. I have a checkbox to allow user remember is credentials and a button that will allow the user to login into the website. Also I have placed a LinkButton that will allow the user to log out.
Namespaces
You need to import the following namespace
C#
using System.Web.Security;
VB.Net
Imports System.Web.Security
Login Mechanism
Below code is executed on the click of the Login button
C#
protected void Login(object sender, EventArgs e)
{
if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
{
if (chkRememberMe.Checked)
{
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(txtUserName.Text, true, 12 * 60);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
cookie.Expires = authTicket.Expiration;
HttpContext.Current.Response.Cookies.Set(cookie);
}
else
{
FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
}
Response.Redirect(Request.Url.AbsoluteUri);
}
}
VB.Net
Protected Sub Login(ByVal sender As Object, ByVal e As EventArgs)
If Membership.ValidateUser(txtUserName.Text, txtPassword.Text) Then
If chkRememberMe.Checked Then
Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(txtUserName.Text, True, (12 * 60))
Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
Dim cookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
cookie.Expires = authTicket.Expiration
HttpContext.Current.Response.Cookies.Set(cookie)
Else
FormsAuthentication.SetAuthCookie(txtUserName.Text, False)
End If
Response.Redirect(Request.Url.AbsoluteUri)
End If
End Sub
Above I am first validating the user using the supplied username and password. If the validation is successful then I am checking whether the Remember Me checkbox is checked or not. If it is checked then I am creating a cookie with expiry time of 12 hours so that user can remain logged in for 12 hours. If it is not checked I am simply setting the FormsAuthentication cookie.
Note: You need redirect either to the same page or some other page in order to make the login cookie to be created. Without redirection user will not be logged in.
Logout Mechanism
The Log out LinkButton is displayed when the user is logged in and hidden when the user is not logged in. This is taken care in the page load event of the page in the following way
C#
protected void Page_Load(object sender, EventArgs e)
{
lnkLogOut.Visible = Membership.GetUser() != null;
}
VB.Net
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
lnkLogOut.Visible = Membership.GetUser() IsNot Nothing
End Sub
On the click of the Logout LinkButton the following code is executed which logs the user out.
C#
protected void Logout(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Login_CS.aspx");
}
VB.Net
Protected Sub Logout(ByVal sender As Object, ByVal e As EventArgs)
FormsAuthentication.SignOut()
Response.Redirect("~/Login_VB.aspx")
End Sub
Downloads
With this we come to the end of this article. You can download the sample source code in VB.Net and C# using the download link provided below.
Download Code