Problem with Login control of ASP.NET

RE: The Accepted Answer

I do not like the hack given.

I have a site that uses a login form called "login.aspx" and all works fine. I think we should actually find the answer rather than hack. Since all the [presumably] tested sites work. Do you not think we should actually use StackOverflow to find the ACTUAL problem? (making it much more useful than anywhere else?)

In the LoginCtl_Authenticate event are you setting the EventArgs.Authenticated property to true?

e.g.

protected void LoginCtl_Authenticate(object sender, AuthenticateEventArgs e)
{
   // Check the Credentials against DB
   bool authed = DAL.Authenticate(user, pass);
   e.Authenticated = authed;
}

I have checked the code over in the files you have sent me (thanks again for sending them through).

Note: I have not tested this since I have not installed the database etc..

However, I am pretty sure this is the issue.

You need to set the MembershipProvider Property for your ASP.NET controls. Making the definitions for them:

<asp:Login ID="Login1" runat="server" 
    MembershipProvider="MySqlMembershipProvider">
    <LayoutTemplate>
        <!-- template code snipped for brevity -->
    </LayoutTemplate>
</asp:Login>

And..

<asp:CreateUserWizard ID="CreateUserWizard1" runat="server" 
    MembershipProvider="MySqlMembershipProvider">
        <WizardSteps>
            <asp:CreateUserWizardStep runat="server" />
            <asp:CompleteWizardStep runat="server" />
        </WizardSteps>
    </asp:CreateUserWizard>

This then binds the controls to the Membership Provider with the given name (which you have specified in the Web.Config.

Give this a whirl in your solution and let me know how you get on. I hope this works for you :)

Edit

I should also add, I know you shouldn't need to do this as the default provider is set, but I have had problems in the past with this.. I ended up setting them all to manual and all worked fine.

You normally have a initial folder with the generally accessable forms and a seperate folder with all the login protected items. In the initial folder you have a webconfig with:

   <!--Deny all users -->
   <authorization>
     <deny users="*" />
   </authorization>

In the other folder you can put a seperate webconfig with settings like:

   <!--Deny all users unless autherticated -->
   <authorization>
     <deny users="?" />
   </authorization>

If you want to further refine it you can allow access to a particular role only.

<configuration>
   <system.web>
      <authorization>
         <allow roles="Admins"/>
         <deny users="*"/>
      </authorization>
   </system.web>
</configuration>

This will deny access to anyone who does not have a role of admin, which they can only get if they are logged in sucessfully.

If you want some good background I recommend the DNR TV episode with Miguel Castro on ASP.NET Membership