I’m working on a project thats already build and working fine.What I need to do now is to encrypt the password with salt.Normally I can do this and all, but I’m struggling to see where the control asp:Login gets the username and password.I have searched all over the project and cant find any details to where the username and password gets retrieved from the Database and where it checks if it is correct.Here are the markup:
<asp:Login ID="LoginUser" runat="server" EnableViewState="False" RenderOuterTable="False" OnLoggingIn="LoginUser_LoggingIn">
<LayoutTemplate>
<div class="accountInfo">
<fieldset class="Login">
<p>
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName" CssClass="text"></asp:Label>
<asp:TextBox ID="UserName" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password" CssClass="text"></asp:Label>
<asp:TextBox ID="Password" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
</fieldset>
<span class="error">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>
<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="error"
ValidationGroup="LoginUserValidationGroup" />
<p class="submitButton">
<asp:Button CssClass="submitButton" ID="LoginButton" runat="server" CommandName="Login"
ValidationGroup="LoginUserValidationGroup" Text="d" OnClick="LoginButton_Click" />
</p>
</div>
</LayoutTemplate>
</asp:Login>
and here are the code-behind:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using mycompany.BaseCode;
using System.Threading;
namespace mycompany.Account
{
public partial class Login : BasePage
{
protected void Page_Load(object sender, EventArgs e)
{
//RegisterHyperLink.NavigateUrl = "Register.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
Thread.CurrentThread.CurrentCulture = new System.Globalization.CultureInfo(SessionManager.Culture);
lblLoginTitle.Text = Resources.Login.LoginTitle;
lblExtraInfo.Text = Resources.Login.ExtraInfo;
var llb = (Label)LoginUser.FindControl("UserNameLabel");
llb.Text = Resources.Login.Username;
llb = (Label)LoginUser.FindControl("PasswordLabel");
llb.Text = Resources.Login.Password;
LoginUser.FailureText = Resources.Login.FailureText;
var rfv = (RequiredFieldValidator)LoginUser.FindControl("PasswordRequired");
rfv.ErrorMessage = Resources.Login.PasswordRequired;
rfv = (RequiredFieldValidator)LoginUser.FindControl("UserNameRequired");
rfv.ErrorMessage = Resources.Login.UsernameRequired;
var btn = (Button)LoginUser.FindControl("LoginButton");
btn.Text = Resources.Login.btnLogin;
}
}
}
There is no OnLoggingIn=”LoginUser_LoggingIn” or OnClick=”LoginButton_Click” events anywhere to be found.I even looked in the base code.The funny thing is it is working.
Any explanation or tips of where to find these hidden details will be deeply appreciated
It will use the default
MembershipProviderconfigured in your web.config if you don’t have any event handlers.If you haven’t configured a
MembershipProvider, I think you need to handle at least theLogin.Authenticateevent.