Allowing Membership.ValidateUser to validate username or email from AD

Question

I have a C# web application that has a need to accept either username or email address for login. Currently it is working just fine to login using email address which also happens to be the same as the fully qualified domain name, where Membership.ValidateUser returns true into isValid if the correct email address and password are entered for variables user and password.

bool isValid = Membership.ValidateUser(user, password);

However isValid returns false if using just the username portion for user instead of the fully qualified username (email address).

For example, my user could be johngordon and my email johngordon@fullyqualifieddomain. My password is 12345. Using

Membership.ValidateUser("johngordon", "12345")

returns false

Membership.ValidateUser("domain\johngordon", "12345")

returns false

Membership.ValidateUser("fullyqualifieddomain\johngordon", "12345")

returns false

Membership.ValidateUser("johngordon@fullyqualifieddomain", "12345")

returns true

Here is what I think is the pertinent information from web.config. I've done some searching for ValidateUser() but can't find how you tell it to use username, email address, or in my scenario both.

John Wesley Gordon · Accepted Answer

So I ended up doing different things depending on what I got as a username checking for a fullyqualified name, an email address, or just a username and validating them accordingly.

bool isValid = false;
if(user.Contains("@fullyqualifieddomain"))
{
  isValid = Membership.ValidateUser(user, password)
}
else if(user.Contains("@"))
{
  isValid = Membership.ValidateUser(Membership.GetUserNameByEmail(user),password);
}
else
{
 isValid = Membership.ValidateUser(user+"fullyqualifieddomain");
}

Allowing Membership.ValidateUser to validate username or email from AD

Answers (1)

Related Questions