locked
Can not access UserName and Password textbox in login template RRS feed

  • Question

  • User426001450 posted

    I do have the following HTML markup for a login control:

     <asp:Login ID="Login1" runat="server" RememberMeSet="true" DestinationPageUrl="~/Default.aspx" >
           
            <LayoutTemplate>
                <table border="0" cellpadding="4" cellspacing="0" style="border-collapse: collapse">
                    <tr>
                        <td>
                            <table border="0" cellpadding="0" style="width: 330px; height: 271px">
                                <tr>
                                    <td align="center" style="font-weight: bold; font-size: 0.9em; color: white; background-color: #1c5e55; width: 326px;">
                                        Log In</td>
                                </tr>
                                <tr>
                                    <td align="center" style="color: black; font-style: italic; width: 326px;">
                                        Please enter your Username and Password and click "Log In".</td>
                                </tr>
                                <tr>
                                    <td style="width: 326px">
                                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label></td>
                                </tr>
                                <tr>
                                    <td style="width: 326px">
                                        <asp:TextBox ID="UserName" runat="server" Font-Size="0.8em"></asp:TextBox>
                                        <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
                                            ErrorMessage="User Name is required." ToolTip="User Name is required." ValidationGroup="Login1">*</asp:RequiredFieldValidator>
                                    </td>
                                </tr>
                                <tr>
                                    <td style="width: 326px">
                                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label></td>
                                </tr>
                                <tr>
                                    <td style="width: 326px">
                                        <asp:TextBox ID="Password" runat="server" Font-Size="0.8em" TextMode="Password"></asp:TextBox>
                                        <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
                                            ErrorMessage="Password is required." ToolTip="Password is required." ValidationGroup="Login1">*</asp:RequiredFieldValidator>
                                    </td>
                                </tr>
                                <tr>
                                    <td style="width: 326px">
                                        <asp:CheckBox ID="RememberMe" runat="server" Text="Remember me next time." />
                                    </td>
                                </tr>
                                <tr>
                                    <td align="center" style="color: red; width: 326px;">
                                        <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                                    </td>
                                </tr>
                                <tr>
                                    <td align="right" style="width: 326px">
                                        <asp:Button ID="LoginButton" runat="server" BackColor="White" BorderColor="#C5BBAF"
                                            BorderStyle="Solid" BorderWidth="1px" CommandName="Login" Font-Names="Verdana"
                                            Font-Size="0.8em" ForeColor="#1C5E55" Text="Log In" ValidationGroup="Login1" OnClick="LoginButton_Click" />
                                    </td>
                                </tr>
                            </table>
                        </td>
                    </tr>
                </table>
            </LayoutTemplate>
        </asp:Login>
        <br />
    
    
       

    I would like to access the UserName and Password textbox from code behind like this:

     Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
    
            If Not IsPostBack Then
              If ((Not (Request.Cookies("UserName")) Is Nothing) _
                AndAlso (Not (Request.Cookies("Password")) Is Nothing)) Then
                 UserName.Text = Request.Cookies("UserName").Value
                  Login1.FindControl("UserName"). = Request.Cookies("UserName").Value
                   Password.Attributes("value") = Request.Cookies("Password").Value
              End If
            End If
    
     End Sub
    
    
        Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
    
              If RememberMe.Checked Then
                 Response.Cookies("UserName").Expires = DateTime.Now.AddDays(30)
                 Response.Cookies("Password").Expires = DateTime.Now.AddDays(30)
              Else
                 Response.Cookies("UserName").Expires = DateTime.Now.AddDays(-1)
                 Response.Cookies("Password").Expires = DateTime.Now.AddDays(-1)
              End If
               Response.Cookies("UserName").Value = UserName.Text.Trim
               Response.Cookies("Password").Value = Password.Text.Trim
    
        End Sub
    

    But the problem is that the code behind is giving me error. I can not access none of the textboxes from code behind. It is my understanding that this is because both textbox are inside the login control template. I tried "find control" but is not working either. Thanks all for your help.

     

    Wednesday, January 9, 2019 5:50 AM

Answers

All replies

  • User-1716253493 posted

    Access it by Login1.UserName and Login1.Password

    Wednesday, January 9, 2019 10:32 AM
  • User426001450 posted

    Login1.UserName works fine as : Login1.UserName = Request.Cookies("UserName").Value.ToString

    But the following two are not working:

    Login1.Password = Request.Cookies("Password").Value.ToString  **** no working

    Login1.RememberMe.Checked  *** no working

    Any thoughts on that?

    Thanks

    Wednesday, January 9, 2019 4:27 PM
  • User-943250815 posted

    Sorry if I´m loosing something here. But why compare User & Password with Cookie?
    I use Membership with Login control and just need to check Membership.ValidateUser(Login1.Username, Login1.Password)

    Wednesday, January 9, 2019 7:12 PM
  • User426001450 posted

    Sorry if I´m loosing something here. But why compare User & Password with Cookie?
    I use Membership with Login control and just need to check Membership.ValidateUser(Login1.Username, Login1.Password)

    That may work if user is already log, but in my case user is not. Thanks

    Wednesday, January 9, 2019 7:48 PM
  • User753101303 posted

    Hi,

    And you don't have an error message? My guess is that those values are read-only for safety reasons. This is the same in HTML ie you can't programmatically assign a value to an input type=password field.

    It seems you are trying to reimplement your own "remember me" and/or "password manager" ? It is already handled by ASP.NET and most if not all browsers. Also your approach seems really unsecure as you'll store a clear text password in a cookie.

    IMHO you should just use the available existing features. Or explain which benefit you are trying to get but doing this again another way.

    Wednesday, January 9, 2019 8:07 PM
  • User426001450 posted

    PatriceSc

    It seems you are trying to reimplement your own "remember me" and/or "password manager" ? It is already handled by ASP.NET and most if not all browsers. IMHO you should just use the available existing features. 

    If that is the case, please provide code sample or link in what a 'remember me' will work and where users do not have to enter the username and password again to login. In other words the site will remember users and will allow them to enter (login) automatically. Your sample should be in VB since that is the language that I'm working with.

    Thanks very much for trying to help 

    Wednesday, January 9, 2019 8:24 PM
  • User-943250815 posted

    When user is not logged just check with sample, bellow I know if user is logged or not, prepare my captcha and login control do all the rest for me

    If Not HttpContext.Current.User.Identity.IsAuthenticated Then
       MakeCaptcha()
    Else
    ' Check if user is on same SessionID
    Endif

    Wednesday, January 9, 2019 9:06 PM
  • User475983607 posted

    If that is the case, please provide code sample or link in what a 'remember me' will work and where users do not have to enter the username and password again to login. In other words the site will remember users and will allow them to enter (login) automatically. Your sample should be in VB since that is the language that I'm working with.

    The FormsAuthentication.RedirectFromLoginPage() method takes the RememberMe.Checked as a parameter. When set to true the Forms Auth cookie is persisted.  The following doc(s) found in the learn link above shows the code.

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-security/membership/validating-user-credentials-against-the-membership-user-store-vb

    Protected Sub LoginButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LoginButton.Click
    
     ' Validate the user against the Membership framework user store
     If Membership.ValidateUser(UserName.Text, Password.Text) Then
     ' Log the user into the site
     FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked)
     End If
        
     ' If we reach here, the user's credentials were invalid
     InvalidCredentialsMessage.Visible = True
    End Sub

    The Forms Auth cookie timeout is configured in the web.config.

    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx" timeout="2880" />
    </authentication>

    https://docs.microsoft.com/en-us/dotnet/api/system.web.configuration.formsauthenticationconfiguration?view=netframework-4.7.2

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, January 9, 2019 9:11 PM
  • User426001450 posted

    When user is not logged just check with sample, bellow I know if user is logged or not, prepare my captcha and login control do all the rest for me

    If Not HttpContext.Current.User.Identity.IsAuthenticated Then
       MakeCaptcha()
    Else
     ' Check if user is on same SessionID
    Endif

    This is my scenario. The login session expired after an idle hour. User got in front of the computer after that, click something and found that is not log. The site take him to the login page. Since he clicked "Remember me" when he first login hours ago, how could he possible get log again without providing username and password. It is possible? In your code you check if user is still in session. In my case he is not in session any longer, see the difference?

    Thanks

     

    Wednesday, January 9, 2019 9:19 PM
  • User475983607 posted

    This is my scenario. The login session expired after an idle hour. User got in front of the computer after that, click something and found that is not log. The site take him to the login page. Since he clicked "Remember me" when he first login hours ago, how could he possible get log again without providing username and password. It is possible? In your code you check if user is still in session. In my case he is not in session any longer, see the difference?

    Please read the linked docs above.

    Wednesday, January 9, 2019 9:24 PM
  • User753101303 posted

    And for the "password manager" see https://support.1password.com/disable-browser-password-manager/ (this site serve some other purpose but it shows where it is for each browser).

    At some point HTML even dropped the ability for site authors to disable password managers to keep users in control and avoid a possibly counter productive situation. It pushes everybody to use simple passwords, to reuse passwords or even to keep them handy.

    On the other side, it can be misused but other users are still able to take advantage of it.

    Edit: for the 3rd point it seems a confusion between the browser session which is unrelated to the user authentication and more likely it should be handled separately. Depending on what happens when the browser session expires :
    - you could make it longer so that it expires after the user authentication expired
    - or the app could be written to be not sensitive to that siutation (for example using session values as a kind of user cache ie reloading missing session values as needed).

    Wednesday, January 9, 2019 9:34 PM
  • User-943250815 posted

    @vstorpedo,
    In my case user is not allowed multiple logins, so if user try to logon on another machine or browser, the first session will be logged out, and user have to loggin again, a kind of follow-me.
    I think "Remember Me" you mention, is the resource offered by browsers, just to make life easy, so if I want to make my user life easy, I just remove authentication.
    So between make life easy and data secure, you have to choose where you sit, there an average point where you can be confortable, and resources are already pointed by @mgebhard and @PatriceSC

    In addition to all alredy posted and "IF I´M NOT WRONG"
    ASP.Net forms authentication "session" renew its authentication ticket only when the total escape time exceeds the half of the configured timeout
    Default Session Timeout is 20 minutes, so if user still working authentication time will be extended
    For Session Tiemout check https://docs.microsoft.com/en-us/dotnet/api/system.web.sessionstate.httpsessionstate.timeout?view=netframework-4.7.2

    Wednesday, January 9, 2019 10:05 PM