How to By-pass the OOB Login.aspx page of a FBA site when logging in from External Site with right Credentials

  • Article

In the absence of valid cookie the users are redirected to the Login page in the FBA site. If you want to bypass the login page and want to validate the user before the successful login then we need to validate the user in the OnLoad event of login page and need to redirect to the home page of the site. To validate the user we need to call the “ValidateUser” method of the current membership provider of the FBA configuration. As we cannot modify the OOB login page, we need to create a custom login page and validate and redirect the user in the OnLoad event.

1. To achieve this requirement we need to create a custom login page for the FBA site. We need to mention this custom login page as the LoginUrl in the web.config

2. In the OnLoad() event of the custom login page we need to validate the user.

3. To validate the user we need to use the ValidateUser() method of the membership API. It will call the “ValidateUser()” method of the current membership provider configured in the web.config.

4. We need to use the Post method cross page submission from the external login page to pass the credentials to the custom login page of FBA site.

Following is the code snippet of the custom login page OnLoad Event

protected override void OnLoad(EventArgs e)

{

if (Request.QueryString["externalCMS"] != null)

{

if (Request.Form["t1"] != null && Request.Form["t2"] != null)

{

string strUserId = Request.Form["t1"].ToString(); // Username passed from the external login page through post method

string strPwd = Request.Form["t2"].ToString(); // Password passed from the external login page through post method

if (Membership.ValidateUser(strUserId, strPwd))

{

FormsAuthentication.RedirectFromLoginPage(strUserId, false);

}

else

{

Response.Redirect("https://localhost/cmslogin.asp?error=invalidecredentials");

}

}

}

}