Example: Allow Only Active Users to Login

July 23, 2009
Iron Speed Designer V6.2 and later

If you have an Active / Inactive flag in your application’s user table and would like only active users to log in, you can accomplish this in multiple ways using Iron Speed Designer.

Use a database view

The simplest way is to create a database view in your database that only contains the Active users and excludes Inactive users.  Then you can use this database view as the User “table” in the Application Security Wizard in Iron Speed Designer.
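
One way to define such a view on SQL Server, added here as an example and not taken from Iron Speed Designer or its documentation. The table name dbo.Users, its columns, the view name dbo.ActiveUsers and the sample rows are assumptions; substitute your own user table.

```sql
-- Assumed schema (constructed for illustration): a user table with a
-- BIT flag named Active. NULL is allowed to model legacy rows where the
-- flag was never set.
CREATE TABLE dbo.Users (
    UserId   INT IDENTITY(1,1) PRIMARY KEY,
    UserName NVARCHAR(50)  NOT NULL UNIQUE,
    Password NVARCHAR(128) NOT NULL,
    Active   BIT           NULL
);
GO

-- View that exposes only active users.
-- "Active = 1" is not true for 0 or for NULL, so rows with an unset
-- flag are excluded as well (the filter fails closed).
-- SCHEMABINDING stops the referenced columns from being dropped or
-- altered while the view exists.
-- WITH CHECK OPTION rejects inserts and updates made through the view
-- that would produce a row the view itself cannot see (an inactive row).
CREATE VIEW dbo.ActiveUsers
WITH SCHEMABINDING
AS
SELECT UserId, UserName, Password, Active
FROM dbo.Users
WHERE Active = 1
WITH CHECK OPTION;
GO

-- Constructed sample rows: one active, one inactive, one with no flag.
INSERT INTO dbo.Users (UserName, Password, Active) VALUES
    (N'alice', N'<stored password value>', 1),
    (N'bob',   N'<stored password value>', 0),
    (N'carol', N'<stored password value>', NULL);
GO

-- Verification: list the accounts the sign-in page would be able to see.
SELECT UserName FROM dbo.ActiveUsers;

-- Verification: count rows visible through the view that are inactive
-- or have no flag set.
SELECT COUNT(*) AS InactiveRowsVisible
FROM dbo.ActiveUsers
WHERE Active IS NULL OR Active = 0;
```

Run the two verification queries before selecting the view as the user table in the Application Security Wizard.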

Use a code customization

Step 1: In Iron Speed Designer, create an application using a database table, such as the Orders table in Northwind.

Step 2:  Enable application security using the Application Security Wizard in Iron Speed Designer.  Select “Grant Access only to signed-in users”.

Step 3: Override the Login() method in SignIn_Control.Control.vb or .cs using a code customization.  The Login() method is defined in BaseSignIn_Control.vb or .cs, located in:

Security\SignIn.aspx.cs (.vb)

Your code customization might look something like:

C#:

using MyApp12.<namespace of your User Table >;

public void Login(bool redirectOnSuccess)
{
     string strUserName = this.UserName.Text;
     string strPassword = this.Password.Text;

     // Check if user has entered the user name and password.
     if ((strUserName != "") && (strPassword != ""))
     {
          // Construct a WHERE clause to retrieve the record that
          // matches the specified username. The user name is untrusted
          // input, so double any single quotes before embedding it in
          // the string literal.
          string colName = UsersTable.Instance.UserNameColumn.UniqueName;
          string whereStr = colName + " = '" + strUserName.Replace("'", "''") + "'";
          UsersRecord rec = UsersTable.GetRecord(whereStr);

          // Check if this is a valid user and is active
          if ((rec == null) || (!rec.Active))
          {
               // Display an error message and return.
               // For testing purposes, you can change the message to a
               // different string to check that it works.
               ProcessLoginFailed("Invalid login information.<br>Please enter a valid user name.", strUserName);
               return;
          }
          // Otherwise, fall through to call the base class's Login function.
     }
     this.Login_Base(redirectOnSuccess);
}

Visual Basic .NET:

Imports MyApp.<Namespace of your User Table>

Public Sub Login(ByVal bRedirectOnSuccess As Boolean)
     Dim strUserName As String = Me.UserName.Text
     Dim strPassword As String = Me.Password.Text

     ' Check if user has entered the user name and password.
     If (strUserName <> "" AndAlso strPassword <> "") Then
          ' Construct a WHERE clause to retrieve the record that
          ' matches the specified username. The user name is untrusted
          ' input, so double any single quotes before embedding it in
          ' the string literal.
          Dim columnName As String = UsersTable.Instance.UserNameColumn.UniqueName
          Dim whereStr As String = columnName & " = '" & strUserName.Replace("'", "''") & "'"
          Dim rec As UsersRecord = UsersTable.GetRecord(whereStr)

          ' Check to see if this is a valid user and is active
          If ((IsNothing(rec)) OrElse Not (rec.Active)) Then
               ' Display an error message and return.
               ' For testing purposes, you can change ERR_INVALID_LOGIN_INFO
               ' to a different string to check that it works.
               ProcessLoginFailed(ERR_INVALID_LOGIN_INFO, strUserName)
               Return
          End If
          ' Otherwise, fall through to call the base class's Login function.
     End If
     Me.Login_Base(bRedirectOnSuccess)
End Sub

Step 4:  Build and run your application.
