Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Login / Logout - best practices, redirection and multiple forms submit.

Posted on 2006-11-01
Medium Priority
Last Modified: 2012-06-27
Hi there.

A simple scenario.
There is web user control on each page of my applicatin with two divs runat server: (1) first div with login info (username and password textboxes and submit buttonlink) and (2) second div with logout info (login name info and logout link). Based on the session("username") in webusercontrol_load one of those two divs is shown. So far OK. Or is this already a bad idea? I can not use the built in form authentication as it is used in this application already for administration interface.
So I have my own web user control querying a database and making the authentication for me (setting session("username").

Now I have two little problems:

1) Once a user clicks on the submit (providing username and password) and is successfully authenticated against the database, the session("username") is set and based on this session some other queries fetch data from different sources (for anonymous and registered users). The issue is that when the user views a page which has different content for registered and anonymous users, the databinding (=getting different data) happens BEFORE the web user control sets the session = too early. So in a real life, when I click on the submit button (login user), the page is reloaded, but still with old data (and vice versa during logout the first page refresh shows still the registered user data). I have to reload the page again to get the new data. This is because of the order of events, first the databinding of the SQLDataSet is done and then the Submit_OnClick  event is handled.

I assume there must be a way of doing this (except redirecting to some dummy login page and then redirecting back to the actual page). I was thinking about using sqldataset_01.databind() but I do not know how to accomplish this when I am working inside the web user control and this dataset is inside the page hosting the web user control. I can not access the hosting page controls and this would not be a good idea though as there are many different datasources on different pages. Right? Please advice your best practices.

2) The second issue I am facing now is also related to the login web user control. I have this web user control with username and password and submit buttonlink on a page together with another form - for example registration form, shoppingcart form etc. When I click on the registration form submit buttonlink the login web user control also attempts to submit and vice versa. Although I have set a different validationsets parameters for both submitbuttonlinks this mishmatch happens. How to avoid this?

Thanks for your advices, experts!
Question by:Pedro Keson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
LVL 96

Expert Comment

by:Bob Learned
ID: 17848933
Not quite sure what you mean.


Author Comment

by:Pedro Keson
ID: 17851342
Well to be quick I mean this:

1) when a web user control doing authorization for me against a database authorizes a valid user and sets a proper session variable session("username") to something, the page which hosts this web user control needs to be refreshed again after the user clicks on "login" button as the button_onclick event is processed after the page proceeds databinding to some database which is based on user login.

Page shows data for anonymous user and my web user control with username, password and submit button. Now user inserts his login name and password and clicks submit. Now the login control shows you are loged in as xxxx, logout... but the page shows still data for anonymous user. But when you refresh the same page then the data shows are already for registered user. Because the order of events is:

blabla, gridview_load, blabla, submit_onclick, blabla...
But I can not access the gridview and nothing else from the web user control as it is independent on the page on which it is hosted.

How can I do login so that the login affects the page on which it happens?

2) the second thing is more or less comesric issue. When I have this web user control on a page together with another submit button, submiting either of them (login or for example add to shopping cart) will triger form submition of BOTH of them. I guess it is because there is ONE MAIN FORM on each page so all submit buttons believe that they belong to tis form, right?

I can not be more specific about my problem. Hope it is enough to give some advice.

LVL 96

Expert Comment

by:Bob Learned
ID: 17851352
Are you logging in on one page, and transferring to another page?

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

by:Pedro Keson
ID: 17852743
No. Th elogin field is on EVERY page and I am not transfering nywhere. It would be an easy job - to do the login logic somewhere and to transfer back to the originating page. I will do it this way in the meantime, but I am sure the even driven access must allow me to do better.
LVL 96

Expert Comment

by:Bob Learned
ID: 17854912
1) You have to login to every page that you access?

2) Or, are you just storing login information on each page?

3) What type of authentication are you using?  Windows, Forms, etc?


Author Comment

by:Pedro Keson
ID: 17855898
Hi Bob.

1) Nope, this is a GENERIC login for the whole user interface. The admin interface (which is not what I have problems with uses built in forms authentication).

2) Nope, I guess. I am not storing login information on every page, I am just showing the login web user control (the mini form) on EACH page.

3) for the user interface it is my own authentication (as the forms authentication was used for admin interface (ADMIN folder inside the root folder) and it is not possible to use twice forms authentication in one project - this is what I figured out here on experts -exchange.

I was dreaming about the whole issue tonight and figured out, that it would be probably good to create some LOGGEDIN event to my web user control which I would test on gridview_load and would do databind then... But it still does not solve the issue with ORDER in which the events are evaluated: 1) the whole page events, then the gridview databinding and then first the button click, which is too late and which is causing me the problem.

LVL 96

Expert Comment

by:Bob Learned
ID: 17857860
Usually what I find with logins, is to create a single login page, and when a user is authenticated transfer to another page where you can assume that the user is authenticated.  If they are not authenticated, they can't just navigate to the same URL for the start page.  You can accomplish this by storing a flag to indicate authentication, and check for each page.  If the user didn't go through the normal login process, then the flag would be set, and they wouldn't be allowed access to each of the pages for the web site.


Author Comment

by:Pedro Keson
ID: 17858014
Hi Bob,
your suggested attitude is fine and OK for pages where you simply do not want anonymous users to see. But What I do is an e-shop so everyone (registered and anonymous users) can access all pages, the only difference is that registered users will see different prices in the price list. And once the user is viewing the price list and logs in through the mini-form on the side of the price list, he is taken back to the same page but prices (gridview) does not get refreshed with new prices as the event binding the gridview to the database is fired BEFORE the event OnCLick which fires the authentication.

So what I need to find out is how to change the order of the events or how accomplish above described scenario without redirecting to another page which redirects back to the pricelist (which is what I do now and it works fine, but I find it rather unprofessional in event driven language).

LVL 96

Expert Comment

by:Bob Learned
ID: 17858403
I think that I understand what you are describing--the button click event happens after the Page.Load event.  In the Page.Load event you can determine if the button was clicked by examing the __EVENTTARGET from the Request.Form.


Author Comment

by:Pedro Keson
ID: 17858618
What a good news! This might be what I am looking for. Can you be more specific?
Does it actually help me to evaluate the user credentials against the database before the rest of the page will be rendered?

Bob, as I wrote, I managed my situation with the double redirect so if it is too exhausting tor you, just forget it. But if you can give me an easy example for the usage of EVENTTARGET thing I will be very happy!

LVL 96

Accepted Solution

Bob Learned earned 400 total points
ID: 17859863
Here are some resources:

Default Button Submissions in ASP.NET Pages

  // *** Must handle case where user is 'auto-submitting'
  //     without clicking the button.

  if ( Request.Form["btnSubmit"] == null )

How to know which HTML-object was clicked

Protected Sub EnsurePostBack()
    Dim Frm As Control = Me.FindControl("Form1")
    Dim HPB As Boolean = HasPostBacks(Frm)
    If Not HPB Then
        Dim EventTarget As HtmlInputHidden = New HtmlInputHidden()
        Dim EventArguments As HtmlInputHidden = New HtmlInputHidden()
        EventTarget.ID = "__EVENTTARGET"
        EventTarget.Name = "__EVENTTARGET"
        EventArguments.ID = "__EVENTARGUMENT"
        EventArguments.Name = "__EVENTARGUMENT"
    End If
End Sub


Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have developed many web applications with asp & and to add and use a dropdownlist was always a very simple task, but with the new, setting the value is a bit tricky and its not similar to the old traditional method. So in this a…
Today is the age of broadband.  More and more people are going this route determined to experience the web and it’s multitude of services as quickly and painlessly as possible. Coupled with the move to broadband, people are experiencing the web via …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question