CodeGarden 10: The sixth annual Umbraco Developer Conference
June 23-25th 2010 - free ASP.NET MVC pre-conference. Register today!

Check if user is active before logging in

A lot of times an application will require user activation of some sort. Either by expecting a membership payment, email verification, or some other sort of user approval before the member is given access. This can be accomplished ina a variety of ways:

- The slickest way of doing this is by overriding the ValidateUser method that is part of the standard .NET membership provider. This was detailed by Nibble on his great blog (blog post). This worked great in the 4.0 and 4.0.1 releases of Umbraco, but broke with the 4.0.2 release.

- To get around the above issue one can use the OnLoggedIn event with the standard .NET Login control to intercept the process, check the DB (or member property) and determine if the user is 'allowed' to log in. Here's an example of what that might look like:

Login.asxc

<asp:Login ID="Login1" OnLoggedIn="Login1_LoggedIn" runat="server">
...
</asp:Login>

 

Login.ascx.cs

protected void Login1_LoggedIn(object sender,EventArgs e)
{
    TextBox unameTB = (TextBox)Login1.FindControl("Username");
    TextBox passwordTB = (TextBox)Login1.FindControl("Password");

    // at this point the user should be logged in
    Member m = Member.GetMemberFromLoginNameAndPassword(unameTB.Text, passwordTB.Text);
    MemberDB memberDb = new MemberDB();

    // This is a custom class for the project, but you could just 
    // as well call m.getProperty('IsActive') here if you had that
    // that property registered with the given MemberType
    StaticMember sm = memberDb.GetMemberDetails(m.Id.ToString());
            
    // check the active status...
    if (sm.IsActive!=1)
    {
        // We call our logout action and indicate which message we
        // would like to show when the page is displayed
        Response.Redirect("/logout.aspx?active=0"); 
    }
    ...
}

 

Logout.ascx.cs

protected void Page_Load(object sender, EventArgs e)
{
    // call the standard .NET logout action...
    FormsAuthentication.SignOut();
        
    // let's just make sure all session vars are killed
    SessionHandler.Clear(); // custom session handler

    Utilities u = new Utilities();
    if (!String.IsNullOrEmpty(u.GetQueryStringValue(Request,"active")))
    {
        Response.Redirect("/login.aspx?active=0");
    }
    else
    {
        Response.Redirect("/login.aspx?logout=1");
    }
            
}