A) Book I’m learning from says that if we handle Login.Authenticate event, then we have to authenticate users on our own. Thus control won’t automatically validate username and password. I thought book suggested this would only happen if we override Login.OnAuthenticate() method, but it appears that even if only add an event handler for Authenticate event, the automatic authentication doesn’t happen.
But why is that? Why doesn’t event handling work like it does with Init or Load events, where you essentially have to override Page.OnInit() and Page.OnLoad() in order gain control over event handling?
B) I checked MSDN site and it basically recommends that if we do override Login.OnAuthenticate(), we should also call base.OnAuthenticate(). But then, why would we ever need to override Login.OnAuthenticate(), if we get the same effect with simply declaring an event handler for Login.Authenticate?
thanx
Best Answer
You should not override
OnAuthenticate. This method is only used internally to either raise theAuthenticateevent to registered handlers if there are any or authenticate via the currentMembershipProviderif there are no handlers registered. So, to implement custom authentication for theLogincontrol, you simply register a handler for theAuthenticateevent and set theAuthenticateEventArgs.Authenticatedproperty.Event handling for the
Authenticateevent works exactly the same as for other events. The only difference is that theOnAuthenticatemethod has some logic that determines whether to use aMembershipProvideror a registered event handler for authentication.If you do create a subclass of
Loginand overrideLogin.OnAuthenticate, it is wise to callbase.OnAuthenticate(...)because it contains the logic that calls the registered event handlers. If you do not callbase.Authenticate(...), you should call the registered event handlers yourself. But creating a subclass ofLoginis probably not necessary in your situation.