Membership.ValidateUser Method
Assembly: System.Web (in system.web.dll)
public static boolean ValidateUser ( String username, String password )
public static function ValidateUser ( username : String, password : String ) : boolean
Not applicable.
Parameters
- username
The name of the user to be validated.
- password
The password for the specified user.
Return Value
true if the supplied user name and password are valid; otherwise, false.ValidateUser provides an easy way to verify a user name and password from the data source. Note that, if the username parameter is empty or a null reference (Nothing in Visual Basic), an HttpException is thrown.
The following code example shows the login page for an ASP.NET application configured to use forms authentication and the Membership class. If the supplied user credentials are invalid, a message is displayed to the user. Otherwise, the user is redirected to the originally requested URL by the RedirectFromLoginPage method.
Security Note: |
|---|
|
This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview (Visual Studio). |
<%@ Page Language="C#" %> <%@ Import Namespace="System.Web.Security" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> public void Login_OnClick(object sender, EventArgs args) { if (Membership.ValidateUser(UsernameTextbox.Text, PasswordTextbox.Text)) FormsAuthentication.RedirectFromLoginPage(UsernameTextbox.Text, NotPublicCheckBox.Checked); else Msg.Text = "Login failed. Please check your user name and password and try again."; } </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Login</title> </head> <body> <form id="form1" runat="server"> <h3>Login</h3> <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br /> Username: <asp:Textbox id="UsernameTextbox" runat="server" /><br /> Password: <asp:Textbox id="PasswordTextbox" runat="server" TextMode="Password" /><br /> <asp:Button id="LoginButton" Text="Login" OnClick="Login_OnClick" runat="server" /> <asp:CheckBox id="NotPublicCheckBox" runat="server" /> Check here if this is <span style="text-decoration:underline">not</span> a public computer. </form> </body> </html>
Security Note: