Login / Logout - best practices, redirection and multiple forms submit.
Posted on 2006-11-01
A simple scenario.
There is web user control on each page of my applicatin with two divs runat server: (1) first div with login info (username and password textboxes and submit buttonlink) and (2) second div with logout info (login name info and logout link). Based on the session("username") in webusercontrol_load one of those two divs is shown. So far OK. Or is this already a bad idea? I can not use the built in form authentication as it is used in this application already for administration interface.
So I have my own web user control querying a database and making the authentication for me (setting session("username").
Now I have two little problems:
1) Once a user clicks on the submit (providing username and password) and is successfully authenticated against the database, the session("username") is set and based on this session some other queries fetch data from different sources (for anonymous and registered users). The issue is that when the user views a page which has different content for registered and anonymous users, the databinding (=getting different data) happens BEFORE the web user control sets the session = too early. So in a real life, when I click on the submit button (login user), the page is reloaded, but still with old data (and vice versa during logout the first page refresh shows still the registered user data). I have to reload the page again to get the new data. This is because of the order of events, first the databinding of the SQLDataSet is done and then the Submit_OnClick event is handled.
I assume there must be a way of doing this (except redirecting to some dummy login page and then redirecting back to the actual page). I was thinking about using sqldataset_01.databind() but I do not know how to accomplish this when I am working inside the web user control and this dataset is inside the page hosting the web user control. I can not access the hosting page controls and this would not be a good idea though as there are many different datasources on different pages. Right? Please advice your best practices.
2) The second issue I am facing now is also related to the login web user control. I have this web user control with username and password and submit buttonlink on a page together with another form - for example registration form, shoppingcart form etc. When I click on the registration form submit buttonlink the login web user control also attempts to submit and vice versa. Although I have set a different validationsets parameters for both submitbuttonlinks this mishmatch happens. How to avoid this?
Thanks for your advices, experts!