Login.OnLoggingIn Method (LoginCancelEventArgs)


Raises the LoggingIn event when a user submits login information but before the authentication takes place.

Namespace:   System.Web.UI.WebControls
Assembly:  System.Web (in System.Web.dll)

protected virtual void OnLoggingIn(
	LoginCancelEventArgs e


Type: System.Web.UI.WebControls.LoginCancelEventArgs

A LoginCancelEventArgs containing the event data.

The OnLoggingIn method raises the LoggingIn event. Use the LoggingIn event to perform any processing that you need before authenticating a user or to perform custom validation.

Raising an event invokes the event handler through a delegate. For more information, see Handling and Raising Events.

The OnLoggingIn method also allows derived classes to handle the event without attaching a delegate. This is the preferred technique for handling the event in a derived class.

Notes to Inheritors:

When overriding OnLoggingIn in a derived class, be sure to call the base class's OnLoggingIn method so that registered delegates receive the event.

The following code example uses the LoggingIn event to ensure that the user has entered a well-formed e-mail address in the UserName property. If not, the LoggingIn event handler cancels the login attempt and displays the error message specified in the InstructionText property.

<%@ page language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">
// This custom Login control checks the user name 
// entered by the user is a valid e-mail address
class CustomLogin : Login
    bool IsValidEmail(string strIn)
        // Return true if strIn is in valid e-mail format.
        return Regex.IsMatch(strIn, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"); 

    override protected void OnLoggingIn(System.Web.UI.WebControls.LoginCancelEventArgs e)
        if (!IsValidEmail(UserName)) 
            InstructionText = "You must enter a valid e-mail address.";
            e.Cancel = true;
            InstructionText = String.Empty;

    // Add the custom login control to the page.
    void Page_Load(object sender, EventArgs e) 
        CustomLogin loginControl = new CustomLogin();
        loginControl.ID = "loginControl";

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
        <form id="Form1" runat="server">
            <asp:placeholder id="Placeholder1" runat="server"></asp:placeholder>

The following code example demonstrates how you can extend the Login control. The CustomLogin control includes a DropDownList control that lets users choose which membership provider they are authenticated with. (These providers are configured in Web.config.) In the OnLoggingIn method, the MembershipProvider property is set to the selected value of the DropDownList control.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

namespace Samples.AspNet.Controls
    public sealed class CustomLogin : Login
        public CustomLogin() { }

        protected override void OnLoggingIn(LoginCancelEventArgs e)
            // Set the Membership provider for the Login control from a DropDownList.
            DropDownList list = (DropDownList)this.FindControl("domain");
            this.MembershipProvider = list.SelectedValue;

        protected override void CreateChildControls()
            LayoutTemplate = new MyTemplate();

    // A Template that contains the child controls.
    public class MyTemplate : ITemplate
        void ITemplate.InstantiateIn(Control container)
            // A TextBox for the user name.
            TextBox username = new TextBox();
            username.ID = "username";

            // A TextBox for the password.
            TextBox password = new TextBox();
            password.ID = "password";

            // A CheckBox to remember the user on subsequent visits.
            CheckBox remember = new CheckBox();
            remember.ID = "RememberMe";
            remember.Text = "Don't forget me!";

            // Failure Text.
            Literal failure = new Literal();
            failure.ID = "FailureText";

            // A DropDownList to choose the Membership provider.
            DropDownList domain = new DropDownList();
            domain.ID = "Domain";
            domain.Items.Add(new ListItem("SqlMembers"));
            domain.Items.Add(new ListItem("SqlMembers2"));

            // A Button to log in.
            Button submit = new Button();
            submit.CommandName = "login";
            submit.Text = "LOGIN";

            container.Controls.Add(new LiteralControl("UserName:"));
            container.Controls.Add(new LiteralControl("<br>Password:"));
            container.Controls.Add(new LiteralControl("<br>"));
            container.Controls.Add(new LiteralControl("<br>Domain:"));
            container.Controls.Add(new LiteralControl("<br>"));
            container.Controls.Add(new LiteralControl("<br>"));

.NET Framework
Available since 2.0
Return to top