ClientFormsAuthenticationMembershipProvider.ValidateUser Method (String, String, Boolean)


Authenticates a user by using the specified user name and password, optionally storing a hash of the password in the local data cache.

Namespace:   System.Web.ClientServices.Providers
Assembly:  System.Web.Extensions (in System.Web.Extensions.dll)

public bool ValidateUser(
	string username,
	string password,
	bool rememberMe


Type: System.String

The name of the user to authenticate.

Type: System.String

The password of the user to authenticate.

Type: System.Boolean

true to store a hash of the password in the local data cache for offline use and for automatic reauthentication when the user authentication cookie expires; false to disable offline login or to require users to reauthenticate when the cookie expires.

Return Value

Type: System.Boolean

true if the user was authenticated; otherwise, false.

Exception Condition

The IsOffline property value is false and the membership provider is unable to access the authentication service.

You can use client application services to validate users by using forms authentication. To validate users, you will typically call the static Membership.ValidateUser method, which internally calls the ClientFormsAuthenticationMembershipProvider.ValidateUser(String, String) method. Alternatively, you can call the ClientFormsAuthenticationMembershipProvider.ValidateUser method directly. You can call this overload to pass in a rememberMe value in addition to the username and password values.

The following example code demonstrates how to use this method to validate the user by using login controls in your application code. This example requires a TextBox control named usernameTextBox, a TextBox control named passwordTextBox, and a CheckBox control named rememberMeCheckBox.

private bool ValidateUsingLoginControls()
    bool isAuthorized = false;
        ClientFormsAuthenticationMembershipProvider authProvider =
            System.Web.Security.Membership.Provider as

        // Call ValidateUser with credentials retrieved from login controls.
        isAuthorized = authProvider.ValidateUser(usernameTextBox.Text,
            passwordTextBox.Text, rememberMeCheckBox.Checked);
    catch (System.Net.WebException)
        MessageBox.Show("Unable to access the authentication service.",
            "Warning", MessageBoxButtons.OK, MessageBoxIcon.Warning);
    if (!isAuthorized)
        MessageBox.Show("Unable to authenticate.", "Not logged in",
            MessageBoxButtons.OK, MessageBoxIcon.Error);
    return isAuthorized;

.NET Framework
Available since 3.5
Return to top