ValidateUser of Forms Authentication issue

Question

I am using SharePoint 2007 Enterprise + Publishing portal template + Windows Server 2008. And I am developing using ASP.Net + C# + .Net 3.5 + VSTS 2008 on SharePoint Server 2007. I am developing a custom Forms authentication based on Forms authentication interface. I am learning using Forms Authentication with SharePoint and my confusion is about this method -- ValidateUser of Forms Authentication, here is MSDN link,

http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.validateuser.aspx

My confusions are about which component will call ValidateUser method?

1. Do I need to call ValidateUser by myself (my application code), or depends on my needs (not always needed, depends on my application scenario);
2. Is ValidateUser is called by SharePoint code (not my own application code), if yes, when (i.e. in what situations will SharePoint calls ValidateUser method, or say in other words, what operation in SharePoint will trigger invocation of this method)?

Answer 1

My confusions are about which component will call ValidateUser method?

It is called by the Login Control present in the page C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\login.aspx

Do I need to call ValidateUser by myself (my application code), or depends on my needs (not always needed, depends on my application scenario);

IF you want to Authenticate the user to SharePoint then ValidateUser has to be called/will be called.

Is ValidateUser is called by SharePoint code (not my own application code), if yes, when (i.e. in what situations will SharePoint calls ValidateUser method, or say in other words, what operation in SharePoint will trigger invocation of this method)?

To be exact SharePoint does not do authentication by itself it depends on the provider/ By default it is configured to validate the user based on the Active Directory Windows authentication. Where as you can also configure it to validate aganist different store ( FBA as you have done).

Being said that ValidateUser method is automatically called by Login Control when you click on the Sign In button.Once the user has been validated it drops a cookie so that the further request form the browser goes to the Server as the authenticated request.

[Update : To answer your comment]My question is, if I customize SharePoint login page and not using ASP.Net Login control, and for anonymous user, if the anonymous user access specific content which is blocked for anonymous users, will ValidateUser be called automatically?

No, Only Case when the ValidateUser will be called is when you have a ASP.NET Login Control and when you click sign in button in it. Login control is nothing but a Custom Control that has Two TextBox, one Button and a Check Box, and if you don't want to use the default login control then you will have to somehow take the user name and password from the user and use the Validate method to authenticate him/her.

And to answer your second point ,

if you try to access a item that is blocked for anonymous user then SharePoint will contact the provide to authenticate the user (Provider will provide you the Login Screen) to put it simple you will be redirected Login Page.

On a Side note : Do not attempt to customize the Login.aspx present it the Layouts folder, because it is not recommended to do any changes to the SharePoint files.

Answer 2

The ValidateUser will be called by the Login control on the SharePoint forms login page, so you do not have to call this method yourself, unless you are customizing the login page or creating some kind of login handler.