I’m working on a website with a login form. To log in, a postback is used to an OnClick handler in the codebehind.
Somehow, the value returned from the Text-property of the username and password textboxes is ten times the value I entered, separated by commas. I checked my entire code for double ID’s (which seems to be the most common problem causing this behaviour), but I found each ID defined only once.
In the ASPX file I have this:
<asp:Label ID="lblFeedback" ForeColor="Red" Font-Bold="true" runat="server" Visible="false" /><br />
<asp:Panel ID="pnlLogin" runat="server">
<table style="border-style: none;">
<tr>
<td>
<asp:Label ID="lblUsername" AssociatedControlID="txtUsername" runat="server" />
</td>
<td>
<asp:TextBox ID="txtUsername" runat="server" /><br />
</td>
</tr>
<tr>
<td>
<asp:Label ID="lblPassword" AssociatedControlID="txtPassword" runat="server" />
</td>
<td>
<asp:TextBox ID="txtPassword" runat="server" TextMode="password" /><br />
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button ID="btnLogin" OnClick="btnLogin_Click" runat="server" />
</td>
</tr>
</table>
</asp:Panel>
The OnClick handler in the Codebehind:
protected void btnLogin_Click(object sender, EventArgs e)
{
string username = Util.Escape(txtUsername.Text);
string password = Util.Escape(txtPassword.Text);
WebsiteUser user = WebsiteUser.Create(username, password);
if (user != null)
{
//Set some session variables and redirect to user profile
}
else
{
lblFeedback.Text = Localizer.Translate("INVALID_LOGIN");
lblFeedback.ForeColor = Color.Red;
lblFeedback.Visible = true;
pnlLogin.Visible = true;
}
}
The website is running on ASP.NET 2.0 on ISS 5.1 (Win XP Pro)
The code all looks okay. Some of the things that I would consider is your Util.Escape function. You could use HttpServerUtility.HtmlDecode if you are concerned about malicious entry. You could also go with the asp:login control as it provides all the features you are interested in.