by Frieder Mack 29.October 2007 15:54
The .Net Membership and Profile providers are quick and easy tools to develop user systems for any site. However, to expand the dynamic ability of the controls which interact with the SqlProvider, you will find yourself re-creating these controls to fully tap into the events and methods offered by these providers. At Mindfly, I’ve implemented a few of these providers and always end up customizing a number of the commonly used provider controls. I’ll attempt to share what I’ve learned from customizing the provider controls beginning with the login control.
In an attempt to manipulate a user upon login, when a password is being passed in clear text form, you can manually login the user, in addition to any other action you’d like to add, by authenticating the user and setting the cookie as shown below
Protected Sub Login_OnLoggingIn(ByVal sender As Object, ByVal e As EventArgs) Handles ctlLogin.LoggingIn
'Retrieves the login control
Dim uLogin As Login = CType(sender, Login)
'Checks to see if the user is valid
If Membership.ValidateUser(uLogin.UserName, uLogin.Password) Then
'Manually login in the User by stting the Authentication Cookie
FormsAuthentication.SetAuthCookie(uLogin.UserName, False)
'Feel free to add functionality here, for example, saving the 'IPAddress of the user
'Calls dummy function that save IPAddress, passes in IPAddress
SaveUserIPAddress(Request.UserHostAddress())
'Redirects user to a page, if necessary
Response.Redirect("/redirectURL.aspx")
Else
'Handle failed login
End If
End Sub
Logout: Conversley, the current user can easily be logged out by using the “FormsAuthentication.SignOut()” method.
The Membership Class: The Membership class is the web developer’s main tool to manipulating the membership provider. It offer the methods to access different facets of membership information. Although, to expose all the members (or parts of) the user’s membership information, and to modify a specific user, we use the MembershipUser class. This class allows the getting or setting of the values that make up a user, such as the ProviderUserKey, UserName, Email, etc., and allows for specific methods of a user, such as ChangePassword, UnlockUser, etc. Examples of accessing this class are given below, as well as other useful methods to interacting with the Membership Provider.
'Get currently logged in user
Dim CurrentMember As MembershipUser = Membership.GetUser()
'Get user by username
Dim DifferentMember As MembershipUser = Membership.GetUser("DifferentUsersName")
'Get user's UserName
Dim UserName As String = CurrentMember.UserName
'Sets Password of user
CurrentMember.ChangePassword(OldPassword, NewPassword)
'Sets Email of user
CurrentMember.Email = "NewEmail@Email.com"
'Save email change
Membership.UpdateUser(CurrentMember)
Validate: To check if a user is logged in use “HttpContext.Current.User.Identity.IsAuthenticated()” to return a boolean value signifying if the user is logged in or not.
Current User: Similarily, the current user’s username can be retriever by calling “HttpContext.Current.User.Identity.Name()”.
These methods all allow easy login, tracking, and logout of the Membership Provider’s users throughout a site, and customization of all of these events by creating your own controls.