A) Book I’m learning from says that if we handle Login.Authenticate event, then we have to authenticate users on our own. Thus control won’t automatically validate username and password. I thought book suggested this would only happen if we override Login.OnAuthenticate() method, but it appears that even if only add an event handler for Authenticate event, the automatic authentication doesn’t happen.
But why is that? Why doesn’t event handling work like it does with Init or Load events, where you essentially have to override Page.OnInit() and Page.OnLoad() in order gain control over event handling?
B) I checked MSDN site and it basically recommends that if we do override Login.OnAuthenticate(), we should also call base.OnAuthenticate(). But then, why would we ever need to override Login.OnAuthenticate(), if we get the same effect with simply declaring an event handler for Login.Authenticate?
thanx
Best Answer
You should not override
OnAuthenticate
. This method is only used internally to either raise theAuthenticate
event to registered handlers if there are any or authenticate via the currentMembershipProvider
if there are no handlers registered. So, to implement custom authentication for theLogin
control, you simply register a handler for theAuthenticate
event and set theAuthenticateEventArgs.Authenticated
property.Event handling for the
Authenticate
event works exactly the same as for other events. The only difference is that theOnAuthenticate
method has some logic that determines whether to use aMembershipProvider
or a registered event handler for authentication.If you do create a subclass of
Login
and overrideLogin.OnAuthenticate
, it is wise to callbase.OnAuthenticate(...)
because it contains the logic that calls the registered event handlers. If you do not callbase.Authenticate(...)
, you should call the registered event handlers yourself. But creating a subclass ofLogin
is probably not necessary in your situation.