开发者

Display custom errors when using ASP.NET MembershipProvider

I'm using a custom MembershipProvider in my application, and it's all wired up correctly. The only missing piece is the ab开发者_JAVA技巧ility to display custom error messages depending on the result of the authentication.

The ValidateUser() method only returns true or false, but I would like to also return a more detailed message in case the validation fails. At the moment I'm using a Session variable to store it, and then read that variable in the login page.

Is there a better way of doing it?


More detailed message from ValidateUser can produce security vulnerability.

You can validate input strings before call ValidateUser.


As @gandjustas says, there's not much you can do from within the custom membership provider, as ValidateUser only gives true or false when authenticating, to reduce unintentional leakage of information that could help an attacker.

As you say, though, you may want to pass back more information to the user, such as "Your account has not yet been approved", and this is the situation that I am in. The following Stack Overflow posting may be of some assistance, particularly the first link given in the accepted answer.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜