CODEWITHSUNDEEP
c#asp.net-mvcasp.net-membershiplogin-control
user2923864
user2923864

Reputation: 179

How does Membership.ValidateUser method access a database?

I wanted to build a membership system at the beginning of my MVC project and I used Membership.ValidateUser method to verify credentials. However I could not understand how does this method access my database and check my email and password informations.

[HttpPost]
[ActionName("Login")]
public ActionResult Login(LoginModel loginModel)
{
        if (Membership.ValidateUser(loginModel.Email, loginModel.Password))
        {
            FormsAuthentication.SetAuthCookie(loginModel.Email, true);
            return Json(true);
        }

        return new JsonNetResult() 
        { Data = new { Error = true, Messages = new[] { new { Message = "Wrong username or password" } } } };
}

Upvotes: 4

Views: 16143

Answers (2)

Humayoun_Kabir
Humayoun_Kabir

Reputation: 2251

Membership.ValidateUser method at first check membership defaultProvider in your web.config file which matches with name that you provide like below:

<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" 
         connectionStringName="Context" applicationName="myapp" 
         enablePasswordRetrieval="false" enablePasswordReset="true" 
         requiresQuestionAndAnswer="false" requiresUniqueEmail="true" 
         passwordFormat="Hashed" minRequiredPasswordLength="7" 
         minRequiredNonalphanumericCharacters="0" />
      </providers>
    </membership>

Above configuration will call .net framework abstraction class MembershipProvider -> ValidateUser (abstract method) which implementation lies in SqlMembershipProvider -> ValidateUser method that you have configured in your web.config file [like above].In that method it simply call two store procedures of your database , first one is aspnet_Membership_GetPasswordWithFormat which check your application name, username , last login activity date and current time and based on that makes you authenticate and secondly call to other store procedure which name is aspnet_Membership_UpdateUserInfo which is self explanatory as you realize which update aspnet_membership table with columns like islockedout, lastlockoutdate, failedpasswordattemptcount.. etc.

Hope this helps you.

Upvotes: 2

Perfect28
Perfect28

Reputation: 11317

It' used the MembershipProvider specified on your Web.config file to validate the user. By default, it uses DefaultMembershipProvider

Upvotes: 4

Related Questions