C# - Forms Authentication Code-Behind w Custom Role and Membership Providers

Brian McCarthy picture Brian McCarthy · Mar 8, 2011 · Viewed 19.4k times · Source

Unfortunately, all the examples for Forms Authentication Code Behind w/ Custom Role and Membership Providers I find online are written with a VB.NET code behind and I need a C# code behind. Please help!!!!

I need a codebehind that will do the following:

  • authenticate user upon login button click
  • if user active_flag=0 (false) OR password!=@password, display error: "Access Denied"
  • if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\zipsearch.aspx
  • if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\zipsearch.aspx

Default.aspx Code:

    <asp:Login ID="LoginUser" runat="server" EnableViewState="false" RenderOuterTable="false">
    <LayoutTemplate>
        <span class="failureNotification">
            <asp:Literal ID="FailureText" runat="server"></asp:Literal>
        </span>
        <asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification" 
             ValidationGroup="LoginUserValidationGroup"/>
        <div class="accountInfo">
            <fieldset class="login">
                <legend>Account Information</legend>
                <p>
                    <asp:Label ID="usernameLabel" runat="server" AssociatedControlID="username">Username:</asp:Label>
                    <asp:TextBox ID="username" runat="server" CssClass="textEntry"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="username" 
                         CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:Label ID="passwordLabel" runat="server" AssociatedControlID="password">Password:</asp:Label>
                    <asp:TextBox ID="password" runat="server" CssClass="passwordEntry" TextMode="password"></asp:TextBox>
                    <asp:RequiredFieldValidator ID="passwordRequired" runat="server" ControlToValidate="password" 
                         CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required." 
                         ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
                </p>
                <p>
                    <asp:CheckBox ID="RememberMe" runat="server"/>
                    <asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
                </p>
            </fieldset>
            <p class="submitButton">
                <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
            </p>
        </div>
    </LayoutTemplate>
</asp:Login>

Web.config file:

<authentication mode="Forms">
  <forms loginUrl="~/default.aspx" timeout="2880" />
</authentication>

  <membership>
  <providers>
    <clear/>
      <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="OleConnectionStringSource"
         enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
         maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
         applicationName="/" />  
  </providers>
</membership> 

<profile>
  <providers>
    <clear/>
   <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/> 
  </providers>
</profile>

<roleManager enabled="false">
  <providers>
    <clear/>
      <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> 
  </providers>
</roleManager>

Default.aspx.cs code behind:

namespace ACAWebApplication
{
  public partial class _Default : System.Web.UI.Page
  { 
     protected void Page_Load(object sender, EventArgs e)
     {
       RegisterHyperLink.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);

       // authenticate user
       // if user active_flag=0 (false) OR password!=@password, display error: "Access Denied" 

       // if user admin_flag=1 & active flag=1 (true), redirect to admin_pages\zipsearch.aspx
       // if user admin_flag=0 (false) & active_flag=1 (true), redirect to pages\zipsearch.aspx

      }
   }
 }

Thanks a lot in advance! :)

Answer

MUG4N picture MUG4N · Mar 8, 2011

to make a start here you go with the login method:

protected void LoginButton_Click(object sender, EventArgs e)
{
 // Validate the user against the Membership framework user store
 if (Membership.ValidateUser(UserName.Text, Password.Text))
 {
 // Log the user into the site
 FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
 }
 // If we reach here, the user's credentials were invalid
 InvalidCredentialsMessage.Visible = true;
}

you can check the user credentials within the authenticate method:

protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
 // Get the email address entered
 TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
 string email = EmailTextBox.Text.Trim();

 // Verify that the username/password pair is valid
 if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
 {
 // Username/password are valid, check email
 MembershipUser usrInfo = Membership.GetUser(myLogin.UserName);
 if (usrInfo != null && string.Compare(usrInfo.Email, email, true) == 0)
 {
 // Email matches, the credentials are valid
 e.Authenticated = true;
 }
 else
 {
 // Email address is invalid...
 e.Authenticated = false;
 }
 }
 else
 {
 // Username/password are not valid...
 e.Authenticated = false;
 }
}

For redirection depending on a specific role use this code:

protected void Login1_LoggedIn(object sender, EventArgs e)
{
    if (Roles.IsUserInRole(Login1.UserName, "Admin"))
    {
         Response.Redirect("~/Admin/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "User"))
    {
         Response.Redirect("~/User/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "Viewer"))
    {
         Response.Redirect("~/Viewer/Default.aspx");
    }
    else
    {
         Response.Redirect("~/Login.aspx");
    }
}

EDIT:

Here is the solution which should work for you not the best code but still ok.

So first of all you make configure your login control with the DestinationPageUrl tag like this:

<asp:Login 
  ID="Login1" 
  runat="server" 
  DestinationPageUrl="~/admin_pages/zipsearch.aspx">
</asp:Login>

Then in your LoginButton_Click method:

 protected void LoginButton_Click(object sender, EventArgs e)
    {
     // Validate the user against the Membership framework user store
    if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
     {
     // Username/password are valid, check email
     MembershipUser currentUser = Membership.GetUser(myLogin.UserName);

        if (currentUser != null)
        {
            if (admin_flag == true)
              {
                     FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
            }
           else
              {
              // If we reach here, the user's credentials were invalid -> your access is denied message
             InvalidCredentialsMessage.Visible = true;
            }
        }
      }
      //if code goes here validation of user failed        
    }