Simple login page not identifying authenticated user correctly

Hi,

I have a simple login page that I'm trying to redirect the user on login if their password is greater than 90 days old or if their password needs to be reset.  In other functions, I add "Force PW Reset" in the Comment field of the membership table so that if this value is found then the user must reset their password.

The problem is that .Net is saying that when I try to identify the user, that the object is not set to an instance of an object.  I've tried using the code onAuthenticate, onLoggingIn, onLoggedIn, and on a button click function.

Here is the code that I'm using:
<%@ Page Title="Log in" Language="C#" MasterPageFile="~/Site.Master" AutoEventWireup="true" %>
<%@ MasterType VirtualPath='~/site.master' %>

<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Collections.Generic" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Web" %>
<%@ Import Namespace="System.Web.UI" %>
<%@ Import Namespace="System.Web.UI.WebControls" %>

<%@ Import Namespace="System.IO" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Net" %>
<script runat='server'>
    public void Page_Load(object sender, EventArgs e)
    {
        this.Form.Action = "users\\login.aspx";
    }

    protected void Login1_LoggedIn(object sender, EventArgs e)
    {

        //string username1 = Username;
        
       // Response.Redirect("~/default.aspx");
        
        // Create current membership user object
        TextBox tb = (TextBox)login1.FindControl("UserName");
        MembershipUser user = Membership.GetUser(tb.ToString());
        //MembershipUser user = Membership.GetUser(Context.User.Identity.Name);
        //MembershipUser user = Membership.GetUser(User.Identity.Name);


        
        // If user object is null then redirect on login page
        if (user == null)
        {
           Response.Redirect("~/users/login.aspx?type=invalid");
        }
        
        
        
        // Check whether a password change has been forced via the Comment field
        if (user.Comment == "Force PW Change")
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=reset");
        }
        // Check whether last change date + 90 days is earlier than today's date

        DateTime today = DateTime.Now;
        DateTime answer = user.LastPasswordChangedDate.AddDays(90);
        DateTime test =     user.LastPasswordChangedDate.AddDays(90);
        
        // Expired when the 90-day deadline is already in the past
        if (answer < today)
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=expired");
        }
        else
        {

            
            if (Request.QueryString["ReturnUrl"] != null)
            {
                FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
            }
            else
            {
                Response.Redirect("~/default.aspx?type=none");
            }
                
        }

    }


    protected void Login_Click(object sender, System.EventArgs e)
    {

        TextBox tb = (TextBox)login1.FindControl("UserName");
        MembershipUser user = Membership.GetUser(tb.ToString());
        //MembershipUser user = Membership.GetUser(Context.User.Identity.Name);
        //MembershipUser user = Membership.GetUser(User.Identity.Name);


        tester.Text = "tb value = " + tb.ToString();
        
        // If user object is null then redirect on login page
        if (user == null)
        {
            Response.Redirect("~/users/login.aspx?type=invalid");
        }



        // Check whether a password change has been forced via the Comment field
        if (user.Comment == "Force PW Change")
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=reset");
        }
        // Check whether last change date + 90 days is earlier than today's date

        DateTime today = DateTime.Now;
        DateTime answer = user.LastPasswordChangedDate.AddDays(90);
        DateTime test = user.LastPasswordChangedDate.AddDays(90);

        // Expired when the 90-day deadline is already in the past
        if (answer < today)
        {
            //query string is used to identify if user's password is
            // expired or he came on this page to change his password anyway
            Response.Redirect("~/users/manage.aspx?type=expired");
        }
        else
        {


            if (Request.QueryString["ReturnUrl"] != null)
            {
                Response.Redirect("~/default.aspx?type=something");
            }
            else
            {
                Response.Redirect("~/default.aspx?type=none");
            }

        }
    }

    
</script>

<asp:Content runat="server" ID="BodyContent" ContentPlaceHolderID="MainContent">
    
                    
        <asp:label id='tester' runat='server'/>

    <section id="loginForm">
        <asp:Login id="login1" runat="server" ViewStateMode="Disabled" RenderOuterTable="false"  OnLoggedIn="Login1_LoggedIn">
            <LayoutTemplate>
                <p class="validation-summary-errors">
                    <asp:Literal runat="server" ID="FailureText" />
                </p>

                
                    <table class="cssdetailsview" cellspacing="0" rules="all" ItemStyle-CssClass="item" border="1" style="border-collapse:collapse;">

                     <tr class="header">
                            <td colspan="2">Log in Form</td>
                    </tr>

                    
                    <tr class="altrow">
			        <td class="fieldheader">User name:
                    </td>
                    <td><asp:TextBox runat="server" ID="UserName" />
                            <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="UserName" CssClass="field-validation-error" ErrorMessage="The user name field is required." />
                    </td>
                    </tr>
                    <tr>
			        <td class="fieldheader">Password:
                    </td>
                    <td><asp:TextBox runat="server" ID="Password" TextMode="Password" />
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="Password" CssClass="field-validation-error" ErrorMessage="The password field is required." />
                        
                    </td>
                    </tr>
                    
                    <tr class="altrow">
			        <td class="fieldheader">Remember me:
                    </td>
                    <td><asp:CheckBox runat="server" ID="RememberMe" />
                    </td>
                    </tr>
                    <tr>
			        <td style='border-right:none !Important;'>
                    </td>
                    <td style='border-left:none !Important;'><asp:Button ID="Login" runat="server" CommandName="Login" Text="Log in" /><br /><br /><a href="users\register.aspx" title="Register">Register</a> if you don't have an account.
                    </td>
                    </tr>
                </table>

            </LayoutTemplate>
        </asp:Login>
    </section>

</asp:Content>



I'm sure that I don't need both the loggedIn and the login_click function, I'm just not getting anywhere on this one.
atljarman asked:

Johny Bravo commented:
You can create a method in global.asax :

void Application_PostAuthenticateRequest(object sender, EventArgs e)
{
    if (this.User.Identity.IsAuthenticated)
    {
        // get user
        MembershipUser user = Membership.GetUser();

        // has their password expired?
        if (user != null
            && user.LastPasswordChangedDate.Date.AddDays(90) < DateTime.Now.Date
            && !Request.Path.EndsWith("/Account/ChangePassword.aspx"))
        {
            Server.Transfer("~/ChangePassword.aspx");
        }
    }
}
0
Kamal Khaleefa (Information Security Specialist) commented:
I think you should change this line

 MembershipUser user = Membership.GetUser(tb.ToString());

to

 MembershipUser user = Membership.GetUser(tb.Text.ToString());
0
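
An added example, not code from any poster in this thread: a `LoggedIn` handler that looks the user up through the `Login` control's own `UserName` property (calling `ToString()` on a `TextBox` returns the control's type name, not what was typed) and applies the forced-reset and 90-day checks from the question. The class name `LoginPage` and the helper `RequiredPage` are hypothetical; the marker string and URLs are taken from the question's code.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LoginPage : Page   // hypothetical code-behind class name
{
    private const int MaxPasswordAgeDays = 90;
    // Marker string as compared in the question's code.
    private const string ForceResetMarker = "Force PW Change";

    // Pure policy check (hypothetical helper): returns the page the user
    // must visit before continuing, or null when no action is required.
    internal static string RequiredPage(string comment, DateTime lastChangedUtc, DateTime nowUtc)
    {
        if (string.Equals(comment, ForceResetMarker, StringComparison.Ordinal))
            return "~/users/manage.aspx?type=reset";
        // Expired when last change + 90 days lies in the past.
        if (lastChangedUtc.AddDays(MaxPasswordAgeDays) < nowUtc)
            return "~/users/manage.aspx?type=expired";
        return null;
    }

    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        // sender is the Login control; its UserName property holds the name it
        // just validated. Context.User is not populated until the next request.
        var login = (Login)sender;
        MembershipUser user = Membership.GetUser(login.UserName);

        if (user == null)
        {
            // The auth cookie has already been issued at this point, so revoke it.
            FormsAuthentication.SignOut();
            Response.Redirect("~/users/login.aspx?type=invalid");
            return;
        }

        string required = RequiredPage(user.Comment,
            user.LastPasswordChangedDate.ToUniversalTime(), DateTime.UtcNow);
        if (required != null)
            Response.Redirect(required);
        // Otherwise return: the Login control performs its normal redirect
        // to ReturnUrl or DestinationPageUrl.
    }
}
```

Because the forms-authentication cookie is issued before `LoggedIn` fires, this redirect alone does not stop the user from navigating elsewhere; a per-request check such as the `Application_PostAuthenticateRequest` handler posted earlier in the thread covers that gap.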

atljarman (author) commented:
King, your solution was simple in the page and worked.  I was not able to modify the ascx file
0
atljarman (author) commented:
Thanks for your help.
0
ASP.NET
