We will also look at how to customize the login control's appearance and behavior. For web sites that use forms authentication, a user logs on to the website by visiting a login page and entering their credentials.These credentials are then compared against the user store.However, the login page currently validates the supplied credentials against a hard-coded list of username and password pairs.We need to update the login page's logic so that it validates credentials against the Membership framework's user store.method is that when the supplied credentials are invalid, it does not provide any explanation as to why.The credentials may be invalid because there is no matching username/password pair in the user store, or because the user has not yet been approved, or because the user has been locked out.If the password stored in the database matches the formatted password entered by the user, the credentials are valid.Let's update our login page (~/ tutorial, creating an interface with two Text Boxes for the username and password, a Remember Me checkbox, and a Login button (see Figure 1).
Or, if you have not yet created an account, go ahead and create one from the .
If the credentials are valid, the HTTP response includes the authentication ticket in a cookie.
Therefore, a hacker attempting to break into your site could create a program that exhaustively sends HTTP requests to the login page with a valid username and a guess at the password.
We will also look at how to customize the login control's appearance and behavior.
method, and then examined using the Create User Wizard Web control.