Friday, August 03, 2007

Take Custom Action Upon SharePoint FBA User Login

Many of our customers have use cases where by they would like to take a specific custom action when an FBA (forms based authentication) user logs in to their SharePoint Extranet. Some examples may be to update a back-end CRM system, or redirect the user to a specific page. It is actually fairly simple to implement this logic. The Visual Studio project and source code for this article can be downloaded by clicking the download link at the bottom of this page.
First under the 12 hive, open the C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS folder. Find the login.aspx file, and make a copy of it called CustomLogin.aspx. This will be our new user login page.
Next, open the web.config for your SharePoint application, find the <authentication/> element, and change it from:
    <authentication mode="Forms">
      <forms loginUrl="/_layouts/login.aspx" />
    <authentication mode="Forms">
      <forms loginUrl="/_layouts/CustomLogin.aspx" />
Now, create a new Class Library project in Visual Studio, or alternatively download my sample project from the link below. Your project will need references to Microsoft.SharePoint.dll, Microsoft.SharePoint.ApplicationPages.dll, and System.Web.
Rename the automatically created Class1.cs to CustomLoginPage.cs. To save time and effort, the CustomLoginPage class will derive from Microsoft.SharePoint.ApplicationPages.LoginPage. Here's what the class should look like:
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.Security;

namespace SPSolutions.Custom
    public class CustomLoginPage : Microsoft.SharePoint.ApplicationPages.LoginPage    {
        protected override void OnLoad(EventArgs e)
            this.login.LoggedIn += new EventHandler(OnLoggedIn);

        // Fires after user has sucessfully logged in        void OnLoggedIn(object sender, EventArgs e)
            // Get the user            MembershipUser user = Membership.GetUser(this.login.UserName);

            if (user != null)
                // Do something interesting such as redirect or update CRM            }
As you can see, it is a simple matter of subscribing to the base page's login control's LoggedIn event, and then taking action when that event fires. Inside the event handler, you can instantiate a MembershipUser object for the newly logged in user, and then do something interesting.
It should also be noted that the login control has three other events which may be salient to your particular use case.
  • LoggingIn - Occurs when a user submits login information, but before authentication takes place.

  • Authenticate - Occurs when a user is authentication takes place.

  • LoggedIn - Occurs when a user logs in to the web site, and has been authenticated.

  • LoginError - Occurs when a login error is detected.
Next, open the CustomLogin.aspx page created in the first step, and modify its Assembly and Page declarations to point towards the new custom code behind assembly. If you're using my sample project, your declaration will look exactly like this:
<%@ Assembly Name="SPSolutions.Custom, Version=, Culture=neutral, PublicKeyToken=e9db3057acd9c0f6"%> 
<%@ Page Language="C#" Inherits="SPSolutions.Custom.CustomLoginPage" MasterPageFile="~/_layouts/simple.master"%>
Finally, place the compiled assembly into the _app_bin folder of your SharePoint web application (e.g. C:\Inetpub\wwwroot\wss\VirtualDirectories\\_app_bin). Optionally, you could also place the assembly into the GAC.


Anonymous said...

I tried your solution and it works - sort of. I get and HRESULT exception until someone logs into the site under windows auththentication. Thereafter, my FBA works fine, until IISresets that is and then I'm back to getting the exception. Ideas?

sonaly said...


I am not able to download your solution. Please let me know how do I download?

Peter Roth said...


Please try one more time. I have just tested that the download works.

Peter Roth
SharePoint Solutions
Software Division

Anonymous said...

Hello Peter, I am also unable to download the source. After following your steps I am getting below error:

File Not Found. at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
at System.Reflection.Assembly.Load(String assemblyString)
at System.Web.Configuration.CompilationSection.LoadAssembly(String assemblyName, Boolean throwOnFail)
at System.Web.UI.TemplateParser.AddAssemblyDependency(String assemblyName, Boolean addDependentAssemblies)
at System.Web.UI.TemplateParser.ProcessDirective(String directiveName, IDictionary directive)
at System.Web.UI.TemplateParser.ParseStringInternal(String text, Encoding fileEncoding)

Please help.


Unknown said...

I'm trying to raise a custom WebAuthenticationSuccessAuditEvent or WebAuthenticationFailureAuditEvent depending on whether the login attempt was successful.

I'm adding an new event handler to the Authenticate event but e.Authenticated is always false and it's saying that my username and password is invalid. Any ideas why??

Unknown said...

It worked for me. But 1 thing i must say that it took 2-3 hours getting to know, where does Microsoft.SharePoint.ApplicationPagesassempbly resides. it actually resides @ C:\Inetpub\wwwroot\wss\VirtualDirectories\[WebAppPort]\_app_bin folder.