ValidateUser, Login control and IsApproved/IsLockedOut

Apr 9, 2008 at 3:41 AM
The ValidateUser method doesn't check to see if the user is approved or locked out, hence the asp.net login control will by default log in an unapproved or locked out user.
I have seen discussion to the effect that the standard providers do make this check and return false for ValidateUser if a user is unnapproved or locked out, but return no reason as to the login failure, causing user confusion.
But in the case of this provider, I had a moment of confusion when I realised that the login controls were logging in unnapproved users. The way to deal with this without altering the provider is to catch the logged in event & check for approved/locked out status & deal with it accordingly.
But I just wanted to point it out cos it is a tad confusing & the provider most probably should be dealing with it.
Coordinator
Apr 9, 2008 at 7:25 AM
I'll take a look at that.

Regards,