Go Premium for a chance to win a PS4. Enter to Win


Login / Logout - best practices, redirection and multiple forms submit.

Posted on 2006-11-01
Medium Priority
Last Modified: 2012-06-27
Hi there.

A simple scenario.
There is web user control on each page of my applicatin with two divs runat server: (1) first div with login info (username and password textboxes and submit buttonlink) and (2) second div with logout info (login name info and logout link). Based on the session("username") in webusercontrol_load one of those two divs is shown. So far OK. Or is this already a bad idea? I can not use the built in form authentication as it is used in this application already for administration interface.
So I have my own web user control querying a database and making the authentication for me (setting session("username").

Now I have two little problems:

1) Once a user clicks on the submit (providing username and password) and is successfully authenticated against the database, the session("username") is set and based on this session some other queries fetch data from different sources (for anonymous and registered users). The issue is that when the user views a page which has different content for registered and anonymous users, the databinding (=getting different data) happens BEFORE the web user control sets the session = too early. So in a real life, when I click on the submit button (login user), the page is reloaded, but still with old data (and vice versa during logout the first page refresh shows still the registered user data). I have to reload the page again to get the new data. This is because of the order of events, first the databinding of the SQLDataSet is done and then the Submit_OnClick  event is handled.

I assume there must be a way of doing this (except redirecting to some dummy login page and then redirecting back to the actual page). I was thinking about using sqldataset_01.databind() but I do not know how to accomplish this when I am working inside the web user control and this dataset is inside the page hosting the web user control. I can not access the hosting page controls and this would not be a good idea though as there are many different datasources on different pages. Right? Please advice your best practices.

2) The second issue I am facing now is also related to the login web user control. I have this web user control with username and password and submit buttonlink on a page together with another form - for example registration form, shoppingcart form etc. When I click on the registration form submit buttonlink the login web user control also attempts to submit and vice versa. Although I have set a different validationsets parameters for both submitbuttonlinks this mishmatch happens. How to avoid this?

Thanks for your advices, experts!
Question by:Pedro Keson
  • 6
  • 5
LVL 96

Expert Comment

by:Bob Learned
ID: 17848933
Not quite sure what you mean.


Author Comment

by:Pedro Keson
ID: 17851342
Well to be quick I mean this:

1) when a web user control doing authorization for me against a database authorizes a valid user and sets a proper session variable session("username") to something, the page which hosts this web user control needs to be refreshed again after the user clicks on "login" button as the button_onclick event is processed after the page proceeds databinding to some database which is based on user login.

Page shows data for anonymous user and my web user control with username, password and submit button. Now user inserts his login name and password and clicks submit. Now the login control shows you are loged in as xxxx, logout... but the page shows still data for anonymous user. But when you refresh the same page then the data shows are already for registered user. Because the order of events is:

blabla, gridview_load, blabla, submit_onclick, blabla...
But I can not access the gridview and nothing else from the web user control as it is independent on the page on which it is hosted.

How can I do login so that the login affects the page on which it happens?

2) the second thing is more or less comesric issue. When I have this web user control on a page together with another submit button, submiting either of them (login or for example add to shopping cart) will triger form submition of BOTH of them. I guess it is because there is ONE MAIN FORM on each asp.net page so all submit buttons believe that they belong to tis form, right?

I can not be more specific about my problem. Hope it is enough to give some advice.

LVL 96

Expert Comment

by:Bob Learned
ID: 17851352
Are you logging in on one page, and transferring to another page?

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

by:Pedro Keson
ID: 17852743
No. Th elogin field is on EVERY page and I am not transfering nywhere. It would be an easy job - to do the login logic somewhere and to transfer back to the originating page. I will do it this way in the meantime, but I am sure the even driven access must allow me to do better.
LVL 96

Expert Comment

by:Bob Learned
ID: 17854912
1) You have to login to every page that you access?

2) Or, are you just storing login information on each page?

3) What type of authentication are you using?  Windows, Forms, etc?


Author Comment

by:Pedro Keson
ID: 17855898
Hi Bob.

1) Nope, this is a GENERIC login for the whole user interface. The admin interface (which is not what I have problems with uses built in forms authentication).

2) Nope, I guess. I am not storing login information on every page, I am just showing the login web user control (the mini form) on EACH page.

3) for the user interface it is my own authentication (as the forms authentication was used for admin interface (ADMIN folder inside the root folder) and it is not possible to use twice forms authentication in one project - this is what I figured out here on experts -exchange.

I was dreaming about the whole issue tonight and figured out, that it would be probably good to create some LOGGEDIN event to my web user control which I would test on gridview_load and would do databind then... But it still does not solve the issue with ORDER in which the events are evaluated: 1) the whole page events, then the gridview databinding and then first the button click, which is too late and which is causing me the problem.

LVL 96

Expert Comment

by:Bob Learned
ID: 17857860
Usually what I find with logins, is to create a single login page, and when a user is authenticated transfer to another page where you can assume that the user is authenticated.  If they are not authenticated, they can't just navigate to the same URL for the start page.  You can accomplish this by storing a flag to indicate authentication, and check for each page.  If the user didn't go through the normal login process, then the flag would be set, and they wouldn't be allowed access to each of the pages for the web site.


Author Comment

by:Pedro Keson
ID: 17858014
Hi Bob,
your suggested attitude is fine and OK for pages where you simply do not want anonymous users to see. But What I do is an e-shop so everyone (registered and anonymous users) can access all pages, the only difference is that registered users will see different prices in the price list. And once the user is viewing the price list and logs in through the mini-form on the side of the price list, he is taken back to the same page but prices (gridview) does not get refreshed with new prices as the event binding the gridview to the database is fired BEFORE the event OnCLick which fires the authentication.

So what I need to find out is how to change the order of the events or how accomplish above described scenario without redirecting to another page which redirects back to the pricelist (which is what I do now and it works fine, but I find it rather unprofessional in event driven language).

LVL 96

Expert Comment

by:Bob Learned
ID: 17858403
I think that I understand what you are describing--the button click event happens after the Page.Load event.  In the Page.Load event you can determine if the button was clicked by examing the __EVENTTARGET from the Request.Form.


Author Comment

by:Pedro Keson
ID: 17858618
What a good news! This might be what I am looking for. Can you be more specific?
Does it actually help me to evaluate the user credentials against the database before the rest of the page will be rendered?

Bob, as I wrote, I managed my situation with the double redirect so if it is too exhausting tor you, just forget it. But if you can give me an easy example for the usage of EVENTTARGET thing I will be very happy!

LVL 96

Accepted Solution

Bob Learned earned 400 total points
ID: 17859863
Here are some resources:

Default Button Submissions in ASP.NET Pages

  // *** Must handle case where user is 'auto-submitting'
  //     without clicking the button.

  if ( Request.Form["btnSubmit"] == null )

How to know which HTML-object was clicked

Protected Sub EnsurePostBack()
    Dim Frm As Control = Me.FindControl("Form1")
    Dim HPB As Boolean = HasPostBacks(Frm)
    If Not HPB Then
        Dim EventTarget As HtmlInputHidden = New HtmlInputHidden()
        Dim EventArguments As HtmlInputHidden = New HtmlInputHidden()
        EventTarget.ID = "__EVENTTARGET"
        EventTarget.Name = "__EVENTTARGET"
        EventArguments.ID = "__EVENTARGUMENT"
        EventArguments.Name = "__EVENTARGUMENT"
    End If
End Sub


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Screencast - Getting to Know the Pipeline
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question