30.5. Login Form

Earlier, when you were introduced to Forms authentication, we used a hard-coded username and password in order to validate the user. While it would be possible for the application to prompt the user for credentials before calling ValidateUser with the supplied values, there is a better way that uses the client application services framework. Instead of calling ValidateUser with a username/password combination, we go back to supplying Nothing as the argument values and define a credential provider: then the client application services will call the provider to determine the set of credentials to use.

Private Sub Form1_Load(ByVal sender As System.Object, _
                        ByVal e As System.EventArgs) Handles MyBase.Load
    If Membership.ValidateUser(Nothing, Nothing) Then
        MessageBox.Show ("User is valid")

This probably sounds more complex than it is, so let's start by adding a login form to the client application. Do this by selecting the Login Form template from the Add New Item dialog and calling it LoginForm. While you have the form designer open, click the "OK" button and change the DialogResult property to OK.

In order to use this login form as a credential provider, we will modify it to implement the IclientFormsAuthenticationCredentialsProvider interface. An alternative strategy would be to have a separate class that implements this interface and then displays the login form when the GetCredentials method is called. The following code snippet contains the code-behind file for the LoginForm class, showing the implementation of the IClientFormsAuthenticationCredentialsProvider interface.

Imports System.Web.ClientServices.Providers

Public Class LoginForm
    Implements IClientFormsAuthenticationCredentialsProvider

    Public Function GetCredentials() As ClientFormsAuthenticationCredentials _
            Implements IClientFormsAuthenticationCredentialsProvider.GetCredentials
        If Me.ShowDialog() = DialogResult.OK Then
            Return New ClientFormsAuthenticationCredentials(UsernameTextBox.Text, _
                                                            PasswordTextBox.Text, _
                                                            False)
        Else
            Return Nothing
        End If
    End Function
End Class

As you can see from this snippet, the GetCredentials method returns ClientFormsAuthenticationCredentials if credentials are supplied, or Nothing if "Cancel" is clicked. Clearly this is only one way to collect credentials information, and there is no requirement that you prompt the user for this information. (The use of dongles or employee identification cards are common alternatives.)

With the credentials provider created, it is just a matter of informing the client application services that they should use it. You do this via the "Optional: Credentials provider" field on the Services tab of the project properties designer, as shown in Figure 30-5.

Now when you run the application, you will be prompted to enter a username and password in order to access the application. This information will then be passed to the membership provider on the server to validate the user.

Figure 30.5. Figure 30-5