ValidateUser Method

Membership.ValidateUser Method

Verifies that the supplied user name and password are valid.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

Public Shared Function ValidateUser ( _
	username As String, _
	password As String _
) As Boolean


Type: System.String
The name of the user to be validated.
Type: System.String
The password for the specified user.

Return Value

Type: System.Boolean
true if the supplied user name and password are valid; otherwise, false.

ValidateUser provides an easy way to verify a user name and password from the data source. Note that, if the username parameter is empty or Nothing, an HttpException is thrown.

The following code example shows the login page for an ASP.NET application configured to use forms authentication and the Membership class. If the supplied user credentials are invalid, a message is displayed to the user. Otherwise, the user is redirected to the originally requested URL by the RedirectFromLoginPage method.

Security noteSecurity Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

Public Sub Login_OnClick(sender As Object, args As  EventArgs)

   If (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text)) Then
      FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked)
     Msg.Text = "Login failed. Please check your user name and password and try again."
   End If

End Sub


<html xmlns="" >

<form id="form1" runat="server">

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br />
  Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br />

  <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" />
  <asp:CheckBox id="NotPublicCheckBox" runat="server" /> 
  Check here if this is <span style="text-decoration:underline">not</span> a public computer.



.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Community Additions

© 2015 Microsoft