Note that the Login control's default interface includes Text Box controls for the username and password, a Remember me next time Check Box, and a Log In Button. Figure 3: Add a Login Control to the Page (Click to view full-size image) And we're done!When the Login control's Log In button is clicked, a postback will occur and the Login control will call the method, passing in the entered username and password.Let's update our login page (~/ tutorial, creating an interface with two Text Boxes for the username and password, a Remember Me checkbox, and a Login button (see Figure 1).The code validates the entered credentials against a hard-coded list of username and password pairs (Scott/password, Jisun/password, and Sam/password). Figure 1: The Login Page's Interface Includes Two Text Boxes, a Check Box List, and a Button (Click to view full-size image) The login page's user interface can remain unchanged, but we need to replace the Login button's Label is displayed, informing the user that their username or password was incorrect. To test that the login page works as expected, attempt to login with one of the user accounts you created in the preceding tutorial.The Membership API includes a method for programmatically validating a user's credentials against the user store. NET ships with the Login Web control, which renders a user interface with textboxes for the username and password and a button to log in.We will also look at how to customize the login control's appearance and behavior. For web sites that use forms authentication, a user logs on to the website by visiting a login page and entering their credentials.
While this behavior lessens the likelihood that a hacker will break into your site through brute force methods, it can end up locking out a valid user who has simply forgotten her password or accidentally has the Caps Lock on or is having a bad typing day.
We will examine creating administrative interfaces for accomplishing common user account- and role-related tasks in a future tutorial.
method is that when the supplied credentials are invalid, it does not provide any explanation as to why.
These credentials are then compared against the user store.
If they are valid, then the user is granted a forms authentication ticket, which is a security token that indicates the identity and authenticity of the visitor.