This blog is continuation to my other two blogs on Customizing membership controls (Part1 and Part2). Here i am going to talk about customizing login membership controls for redirection.
By default, Login membership control provides support for requestUrl redirection i.e. when you access a page that require authentication, it will automatically redirect to login page if you have not logged in already. Once you login, you will automatically redirected back to the original page.
This is a very nice feature, but there might a small problem in this feature. I will explain this problem with a scenario. Consider user forgot his password, so he goes to password recovery page where he request for his password reset. Once the password is reset, membership control will sent a email to user. User waits for the email, once he receives the email. He will get the password, and goes to login page (Note: here user is going to login page from password recovery page.). Once user enters the username and password, he will be redirected to back password recovery page as password recovery page is users last page.
If you think from user point of view, why after entering the new password in login page user is redirected to password recovery page. Either it should redirect to change password page or to custom page.
To avoid this confusion, you can handle onlogging event of Login control and write the following code,
void Login1_LoggedIn(object sender, EventArgs e)
{
if (Request.QueryString["ReturnUrl"] != null && Request.QueryString["ReturnUrl"].IndexOf("PwdRecovery.aspx") >= 0)
{
Response.Redirect("~/Career/Secure/ChangePwd.aspx");
}
}
Basically, here am just checking if the returnUrl property is point to PasswordRecovery page, then I will redirect the user to ChangePassword page. Similarly you can redirect to any page you want.
Note: Login Control uses ReturnUrl API to redirect the user after login to the original page from where user came.
In my last blog i blogged about customizing email content sent using membership controls.Other important customization is auto-generating passwords to validate the registered user account. By default, CreateUserWizard allows user to enter the email, password and security question and answer. However, this way, you can’t validate the user email id, so you might want to sent the password through mail to the registered user email id. By this way, you can validate the registered use email account.
For this, CreateUserWizard Control provides a feature called “AutoGeneratePassword”. If you set this property to true, CreateUserWizard will auto generate the password for user and sent it to registered email account. Email sent to the user can be customized as explained in my previous blog
Other feature you want in CreateUserWizard is validation for unique email. By default, membership control does not validate the email for uniqueness. You can enable this validation in membership provider setting in .config file.
<membership>
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add connectionStringName="LocalSqlServer" enablePasswordRetrieval="false"
enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/"
requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
providers>
membership>
RequiresUniqueEmail property is set to true in the above settings to enable unique email validation.