ASP.NET Login control custom authentication fails

Question

My code behind

protected void LogonForm_Authenticate(object sender, AuthenticateEventArgs e)
{
    bool auth = false;

    if (FormsAuthentication.Authenticate(LogonForm.UserName, LogonForm.Password))
    {
        auth = true;
    }

    e.Authenticated = auth;

}

It results in false. When I don't specify an OnAuthenticate event the user is validated it works as expected. What gives?

I simply want to invoke the default OnAuthenticate code and then add an additional check on the end of it. I am using LDAP to authenticate in both scenarios.

Answer 1

As is mentioned in the documentation on MSDN, the FormsAuthentication.Authenticate method should be used in case you have the credentials stored in the Web.config file like this:

<authentication mode="Forms">
    <forms loginUrl="login.aspx">
        <credentials passwordFormat="Clear">
            <user name="user1" password="password1" />
            <user name="user2" password="password2" />
        </credentials>
 </forms>
</authentication>

But if you are validating the credentials against a membership provider that inherits from the MembershipProvider abstract class like SqlMembershipProvider, ActiveDirectoryMembershipProvider or other custom providers you should use the Membership.ValidateUser method instead.

I think that replacing

if (FormsAuthentication.Authenticate(LogonForm.UserName, LogonForm.Password))

with

if (Membership.ValidateUser(LoginUser.UserName, LoginUser.Password))

will solve your problem.

Answer 2

Can you provide more code? Authenticate only AUTHENTICATE's a user, it doesnt set a cookie, etc. Use this method to determine if a username\password is valid (aka if it returns True)

Try this instead to set the cookie:

Dim boolVal as Boolean = FormsAuthentication.Authenticate(LogonForm.UserName, LogonForm.Password)
If boolVal Then
   FormsAuthentication.SetAuthCookie(LogonForm.UserName,False)
End If