This documentation is archived and is not being maintained.

Login Class

Provides user interface (UI) elements for logging in to a Web site.

Namespace:  System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class Login : CompositeControl
<asp:Login />

The Login control is a composite control that provides all the common UI elements needed to authenticate a user on a Web site. The following three elements are required for all login scenarios:

  • A unique user name to identify the user.

  • A password to verify the identity of the user.

  • A login button to send the login information to the server.

The Login control also provides the following optional UI elements that support additional functions:

  • A link for a password reminder.

  • A Remember Me checkbox for retaining the login information between sessions.

  • A Help link for users who are having trouble logging in.

  • A Register New User link that redirects users to a registration page.

  • Instruction text that appears on the login form.

  • Custom error text that appears when the user clicks the login button without filling in the user name or password fields.

  • Custom error text that appears if the login fails.

  • A custom action that occurs when login succeeds.

  • A way to hide the login control if the user is already logged in to the site.

For a table showing which controls are required and which are optional, see the LayoutTemplate property.


If you are not familiar with the set of login controls available in ASP.NET, see ASP.NET Login Controls Overview before continuing. For a list of other topics related to login controls and membership, see Managing Users by Using Membership.

Security Note:

Accepting user input is a potential security threat. Malicious users can send data that is intended to expose vulnerabilities or run programs that try generated passwords. To improve security when working with user input, you should use the validation features of your control and secure any data providers that are configured for your control. For more information, see Securing Login Controls, Basic Security Practices for Web Applications, and Securing Membership.

The Login control uses a membership provider to obtain user credentials. Unless you specify otherwise, the Login control uses the default membership provider defined in the Web.config file. To specify a different provider, set the MembershipProvider property to one of the membership provider names defined in your application's Web.config file. For more information, see Membership Providers.

If you want to use a custom authentication service, you can use the OnAuthenticate method to call the service.

Styles and Templates

The appearance of the Login control is fully customizable through templates and style settings. All UI text messages are also customizable through properties of the Login class. The default interface text is automatically localized based on the locale setting on the server.

If the Login control is customized with templates, then the AccessKey property and the TabIndex property are ignored. In this case, set the AccessKey property and the TabIndex property of each template child control directly.

Login control properties represented by text boxes, such as UserName and Password, are accessible during all phases of the page life cycle. The control picks up any changes made by the end user through the TextChanged event raised by the text boxes.


If you embed the Login control in a WizardStep object, explicitly set the ActiveStepIndex property in a Page_Load event handler if the user is authenticated. The Wizard control does not automatically advance to the next WizardStep object in this scenario.

The following table lists the Login control style properties and explains which UI element each style property affects. For a list of which properties each style applies to, see the documentation for the individual style properties.

Style property

UI element affected


The space between the control contents and the control's border.


Remember Me checkbox.


Login failure text.


Instructional text on the page that tells users how to use the control.


Labels for all input fields, such as text boxes.


Text entry input fields.


Title text.


Text displayed to the user when a login attempt is unsuccessful due to validation errors.


Links to other pages.


Login button.

Validation Groupings

The UserName and Password properties have RequiredFieldValidator controls associated with them to prevent users from submitting the page without providing required information.

The Login control uses a validation group so that other fields on the same page as the Login control can be validated separately. By default, the ID property of the Login control is used as the name of the validation group. For example, a Login control with the ID "Login1" will use a validation group name of "Login1". If you want to set the validation group that the Login control is part of, you must template the control and change the validation group name.


The markup rendered by default for this control might not conform to accessibility standards such as the Web Content Accessibility Guidelines 1.0 (WCAG) priority 1 guidelines. For details about accessibility support for this control, see ASP.NET Controls and Accessibility.

How to: Build and Run the Profile Provider Example (Building ASP .NET Web Applications)
How to: Use Advanced Features of the ASP.NET Login Control (Building ASP .NET Web Applications)
How to: Create an ASP.NET Login Page (Building ASP .NET Web Applications)
Walkthrough: Creating a Web Site with Membership and User Login (Visual Studio) (Building ASP .NET Web Applications in Visual Studio)

The following code example uses a Login control to provide a UI for logging in to a Web site.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.ComponentModel" %>
<%@ Import Namespace="System.Text.RegularExpressions" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
bool IsValidEmail(string strIn)
{
    // Return true if strIn is in valid e-mail format. 
    return Regex.IsMatch(strIn, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"); 
}

// Raised before authentication; cancels the attempt if the user name is not an e-mail address.
void OnLoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
{
    if (!IsValidEmail(Login1.UserName))
    {
        Login1.InstructionText = "Enter a valid e-mail address.";
        Login1.InstructionTextStyle.ForeColor = System.Drawing.Color.RosyBrown;
        e.Cancel = true;
    }
    else
    {
        Login1.InstructionText = String.Empty;
    }
}

// Raised after a failed login; shows the help and password recovery text.
void OnLoginError(object sender, EventArgs e)
{
    Login1.HelpPageText = "Help with logging in...";
    Login1.PasswordRecoveryText = "Forgot your password?";
}
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
    </head>
    <body>
        <form id="form1" runat="server">
            <asp:Login id="Login1" runat="server" 
                CreateUserText="Create a new user..."
                UserNameLabelText="E-mail address:" 
                OnLoggingIn="OnLoggingIn"
                OnLoginError="OnLoginError" >
                <TitleTextStyle Font-Bold="True" />
            </asp:Login>
        </form>
    </body>
</html>


The following code example demonstrates how you can extend the Login control. The CustomLogin control includes a DropDownList control that lets users choose which membership provider they are authenticated with. (These providers are configured in Web.config.) In the OnLoggingIn method, the MembershipProvider property is set to the selected value of the DropDownList control.

Security Note:

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace Samples.AspNet.Controls
{
    public sealed class CustomLogin : Login
    {
        public CustomLogin() { }

        protected override void OnLoggingIn(LoginCancelEventArgs e)
        {
            // Set the Membership provider for the Login control from a DropDownList.
            DropDownList list = (DropDownList)this.FindControl("domain");
            this.MembershipProvider = list.SelectedValue;

            // Raise the LoggingIn event for any subscribed handlers.
            base.OnLoggingIn(e);
        }

        protected override void CreateChildControls()
        {
            LayoutTemplate = new MyTemplate();
            base.CreateChildControls();
        }
    }

    // A Template that contains the child controls. 
    public class MyTemplate : ITemplate
    {
        void ITemplate.InstantiateIn(Control container)
        {
            // A TextBox for the user name.
            TextBox username = new TextBox();
            username.ID = "username";

            // A TextBox for the password; Password mode masks the typed characters.
            TextBox password = new TextBox();
            password.ID = "password";
            password.TextMode = TextBoxMode.Password;

            // A CheckBox to remember the user on subsequent visits.
            CheckBox remember = new CheckBox();
            remember.ID = "RememberMe";
            remember.Text = "Don't forget me!";

            // Failure Text.
            Literal failure = new Literal();
            failure.ID = "FailureText";

            // A DropDownList to choose the Membership provider.
            DropDownList domain = new DropDownList();
            domain.ID = "Domain";
            domain.Items.Add(new ListItem("SqlMembers"));
            domain.Items.Add(new ListItem("SqlMembers2"));

            // A Button to log in.
            Button submit = new Button();
            submit.CommandName = "login";
            submit.Text = "LOGIN";

            // Add each label followed by the control it describes.
            container.Controls.Add(new LiteralControl("UserName:"));
            container.Controls.Add(username);
            container.Controls.Add(new LiteralControl("<br>Password:"));
            container.Controls.Add(password);
            container.Controls.Add(new LiteralControl("<br>"));
            container.Controls.Add(remember);
            container.Controls.Add(new LiteralControl("<br>Domain:"));
            container.Controls.Add(domain);
            container.Controls.Add(new LiteralControl("<br>"));
            container.Controls.Add(failure);
            container.Controls.Add(new LiteralControl("<br>"));
            container.Controls.Add(submit);
        }
    }
}
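The sample above assigns MembershipProvider directly from a posted form value. As an added example (not part of the original documentation), the variant below accepts that value only if it is on a fixed list and names a provider configured in Web.config. The class name ProviderCheckedLogin, the helper ResolveProvider, and a layout template containing a DropDownList with the ID "Domain" are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI.WebControls;

namespace Samples.AspNet.Controls
{
    // Added example; ProviderCheckedLogin and ResolveProvider are hypothetical names.
    public class ProviderCheckedLogin : Login
    {
        // Assumption: the two provider names offered by the sample's DropDownList.
        private static readonly string[] AllowedProviders = { "SqlMembers", "SqlMembers2" };

        // Returns the provider name to use, or null if the posted value is
        // not on the allow-list or has no matching provider in Web.config.
        public static string ResolveProvider(string requested)
        {
            if (String.IsNullOrEmpty(requested))
            {
                return null;
            }
            foreach (string name in AllowedProviders)
            {
                // Exact, culture-independent match against the fixed list.
                if (String.Equals(name, requested, StringComparison.Ordinal)
                    && Membership.Providers[name] != null)
                {
                    return name;
                }
            }
            return null;
        }

        protected override void OnLoggingIn(LoginCancelEventArgs e)
        {
            DropDownList list = this.FindControl("Domain") as DropDownList;
            string provider = ResolveProvider(list == null ? null : list.SelectedValue);
            if (provider == null)
            {
                // Fail closed: cancel instead of falling back to the default provider.
                e.Cancel = true;
                return;
            }
            this.MembershipProvider = provider;
            base.OnLoggingIn(e);
        }
    }
}
```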

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0