ValidateUser, Login control and IsApproved/IsLockedOut

Apr 9, 2008 at 4:41 AM
The ValidateUser method doesn't check to see if the user is approved or locked out, hence the login control will by default log in an unapproved or locked out user.
I have seen discussion to the effect that the standard providers do make this check and return false for ValidateUser if a user is unnapproved or locked out, but return no reason as to the login failure, causing user confusion.
But in the case of this provider, I had a moment of confusion when I realised that the login controls were logging in unnapproved users. The way to deal with this without altering the provider is to catch the logged in event & check for approved/locked out status & deal with it accordingly.
But I just wanted to point it out cos it is a tad confusing & the provider most probably should be dealing with it.
Apr 9, 2008 at 8:25 AM
I'll take a look at that.