Export (0) Print
Expand All

FormsLoginPage Class Overview

Active Directory Federation Services 2.0

By default, Active Directory® Federation Services (AD FS) 2.0 presents the FormsSignIn.aspx page to collect username and password credentials. The code-behind class for the FormsSignIn.aspx page derives from the FormsLoginPage class. You can customize this page to collect additional credentials and verify them with another authentication server before requesting a token from the STS.

The FormsLoginPage class provides the Microsoft.IdentityServer.Web.UI.FormsLoginPage.SignIn(System.String,System.String) method to authenticate to a security token service (STS) with a user name and password. You can catch the AuthenticationFailedException to handle incorrect user name and password errors.

Example: Adding CAPTCHA

The following example shows how to add a mock CAPTCHA control to the FormsSignIn.aspx page. The control outputs a single image and expects “1234” as the response.

WarningWarning
We recommend that you make backup copies of the FormsSignIn.aspx and FormsSignIn.aspx.cs files before you modify them.

The following code defines the SimpleCaptcha class:

using System;
using System.ComponentModel;
using System.Web.UI;
using System.Web.UI.WebControls;

[DefaultProperty("IsValid")]
[ToolboxData("<{0}:SimpleCaptcha runat=server></{0}:SimpleCaptcha>")]
public class SimpleCaptcha : WebControl, IPostBackDataHandler
{
    private string ImageURL = "CAPTCHA.jpg";
    private bool validated = false;

    public bool IsValid
    {
        get { return validated; }
    }

    protected override void RenderContents(HtmlTextWriter writer)
    {
        //<div>
        writer.RenderBeginTag(HtmlTextWriterTag.Div);
        //<img src="ImageURL" alt="CAPTCHA" />
        writer.AddAttribute(HtmlTextWriterAttribute.Src, ImageURL);
        writer.AddAttribute(HtmlTextWriterAttribute.Alt, "CAPTCHA");
        writer.RenderBeginTag(HtmlTextWriterTag.Img);
        writer.RenderEndTag();
        writer.RenderEndTag();
        //<div>
        writer.RenderBeginTag(HtmlTextWriterTag.Div);
        writer.AddAttribute(HtmlTextWriterAttribute.Id, UniqueID);
        writer.AddAttribute(HtmlTextWriterAttribute.Name, UniqueID);
        writer.AddAttribute(HtmlTextWriterAttribute.Type, "text");
        // <input ID="UniqueID" type="text" />
        writer.RenderBeginTag(HtmlTextWriterTag.Input);
        writer.RenderEndTag();
        writer.RenderEndTag();
    }

    protected override void Render(HtmlTextWriter writer)
    {
        writer.RenderBeginTag(HtmlTextWriterTag.Div);
        RenderContents(writer);
        writer.RenderEndTag();
    }

    #region IPostBackDataHandler Members

    public bool LoadPostData(string postDataKey, System.Collections.Specialized.NameValueCollection postCollection)
    {
        if (Convert.ToString(postCollection[UniqueID]) == "1234")
        {
            validated = true;
        }
        else
        {
            validated = false;
        }
        return validated;
    }

    public void RaisePostDataChangedEvent()
    {
    }

    #endregion
}

In the FormsSignIn.aspx page, add the following table row to contain the CAPTCHA control:

<tr>
    <td>
        <span class="Label">Type the code: </span>
    </td>
    <td>
        <cc:SimpleCaptcha ID="SimpleCaptcha1" runat="server" />
    </td>
    <td>&nbsp;</td>
</tr>

Finally, change FormsSignIn.aspx.cs to check the CAPTCHA control before requesting a token from the STS:

protected void SubmitButton_Click( object sender, EventArgs e )
    {
        if (SimpleCaptcha1.IsValid)
        {
            SignIn(UsernameTextBox.Text, PasswordTextBox.Text);
        }
        else
        {
            ErrorTextLabel.Visible = true;
            ErrorTextLabel.Text = "CAPTCHA is invalid";
        }
    }

Example: How to Pass a User Name to the Login Form using the Query String

This example shows how to modify the FormsSignIn.aspx.cs code-behind file so that the user name can be passed to the login form. The user name is passed by adding a username parameter to the query string; for example (assuming that it is not the first parameter passed in the query string), &username=Bob@Contoso.com.

With this code, when a sign-in request for user name-password authentication with this parameter in the query string arrives, the user name will be pre-populated in the Username box on the page. For example, for the following WS-Federation sign-in request, https://myadfs.contoso.com/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fmyadfs.contoso.com%2fwsfedrp%2f&wctx=rm%3d0%26id%3dFederatedPassiveSignIn1&wct=2011-04-06T06%3a25%3a34Z&wreply=https%3a%2f%2fmyadfs.contoso.com%2fwsfedrp%2fLogin.aspx&wauth=urn:oasis:names:tc:SAML:2.0:ac:classes:Password&username=bob@contoso.com, the User name box on the page will be pre-populated with “bob@contoso.com”.

To implement this functionality, you can overwrite the FormsSignIn.aspx.cs file (default location C:\inetpub\adfs\ls) with the following code. You need administrator permissions to do this. The modifications are to the Page_Load event handler and in the inclusion of some additional using statements for necessary namespaces.

//-----------------------------------------------------------------------------
//
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
// ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//
//-----------------------------------------------------------------------------


using System;
using System.Collections.Specialized;
using System.Web;

using Microsoft.IdentityServer.Web;
using Microsoft.IdentityServer.Web.UI;

/// <summary>
/// Attempts to authenticate the user via HTTP Forms Authentication.
/// </summary>
public partial class FormsSignIn : FormsLoginPage
{
    protected void Page_Load( object sender, EventArgs e )
    {
        // Extract the username from the query string and set the text in the TextBox
        string url = Context.Request.Url.AbsoluteUri;
        NameValueCollection parameters = HttpUtility.ParseQueryString(url);
        string userName = parameters["username"];

        if (!String.IsNullOrEmpty(userName))
        {
            UsernameTextBox.Text = userName;
        }
    }

    protected void HandleError( string message )
    {
        ErrorTextLabel.Visible = true;
        ErrorTextLabel.Text = Resources.CommonResources.IncorrectUsernameText;
    }

    protected void SubmitButton_Click( object sender, EventArgs e )
    {
        try
        {
            SignIn( UsernameTextBox.Text, PasswordTextBox.Text );
        }
        catch ( AuthenticationFailedException ex )
        {                    
            HandleError( ex.Message );
        }
    }
}

See Also

Reference

FormsLoginPage



Show:
© 2014 Microsoft