Overflew

Reputation: 8162

ASP.NET - Validate a user without logging them in?

Is it possible to validate a user's Username + Password without logging them in? I understand a usual login block will look like this:

if (!Page.IsValid)
    return;

if (Membership.ValidateUser(UsernameInput.Text, PasswordInput.Text))
{
    FormsAuthentication.RedirectFromLoginPage(UsernameInput.Text, false);
}
else { [...] }

With the Membership.ValidateUser() call setting the cookie for the response.

However, there are some additional checks I'd like to perform after the password is confirmed. (Pulling out an expiry date for that user, for example).

Is there a way to do it without just calling FormsAuthentication.SignOut(); after invalidating the page?

Upvotes: 1

Views: 585

Answers (1)

Greg

Reputation: 16680

I think your assumption that Membership.ValidateUser is setting the cookie is wrong. I don't believe it sets cookies.

FormsAuthentication.RedirectFromLoginPage sets the cookie.

Think about it from a separation of concerns standpoint:

Membership is where you store your users and password, but it really doesn't know anything about the web or cookies.

Forms Authentication is the technology that keeps a user logged into a website but doesn't care how you determine if that user is valid. All it cares about is having a username and setting/reading cookies, so that the user doesn't have to log in with every request.

Upvotes: 3
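Added example, not part of the original question or answer: a Web Forms login handler that follows the separation described in the answer, checking the password first, running an extra expiry check, and only then issuing the Forms Authentication cookie. `GetAccountExpiryUtc`, the `LoginButton_Click` handler name and the `FailureText` label are hypothetical; `UsernameInput` and `PasswordInput` are the controls from the question.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for a login page. UsernameInput, PasswordInput and the
// hypothetical FailureText label are assumed to be declared in the .aspx markup.
public partial class Login : Page
{
    // Hypothetical helper: returns the account's expiry date from the
    // application's own store, or null if the account never expires.
    private static DateTime? GetAccountExpiryUtc(string username)
    {
        // Assumption: replace with a lookup against your own user table.
        return null;
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (!Page.IsValid)
            return;

        string username = UsernameInput.Text;

        // Credential check only. Nothing is written to the response here,
        // so a failure at any later step leaves the user unauthenticated.
        if (!Membership.ValidateUser(username, PasswordInput.Text))
        {
            FailureText.Text = "Invalid username or password.";
            return;
        }

        // Additional post-password check (the expiry date from the question).
        DateTime? expiryUtc = GetAccountExpiryUtc(username);
        if (expiryUtc.HasValue && expiryUtc.Value <= DateTime.UtcNow)
        {
            FailureText.Text = "This account has expired.";
            return;
        }

        // Only this call issues the authentication cookie and redirects.
        FormsAuthentication.RedirectFromLoginPage(username, false);
    }
}
```

Because the cookie is issued only by the final call, no `FormsAuthentication.SignOut()` is needed when a later check fails.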
