I'm trying to make my own login functionality without using Membership Provider, but after I login using the System.Web.UI.WebControls.Login control and set the authentication cookie using FormsAuthentication.SetAuthCookie(username, rememberMe);
I got the following error message
Default Membership Provider must be specified.
I wonder why it must be specified ?
I know this is old, but I just stumbled across the question and since I've done this wanted to share my solution in case anyone else should have need.
The catch is you need to handle the OnAuthenticate event of the asp:Login control. In the simplest form you would have this in the aspx:
<asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate">
</asp:Login>
And this in the code behind:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) {
e.Authenticated = FormsAuthentication.Authenticate(Login1.UserName, Login1.Password);
}
And this in web.config:
<membership>
<providers>
<clear/>
</providers>
</membership>
<authorization>
<allow users="?"/>
</authorization>
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Login.aspx" path="/" protection="None" name="user_login_cookie">
<credentials passwordFormat="Clear">
<user name="user" password="password_in_clear!"/>
</credentials>
</forms>
</authentication>
This will get you a simple login form with a hardcoded user in web.config. Good for prototypes and demos, please don't put user accounts in web.configs for live sites!
The System.Web.UI.WebControls.Login is tightly coupled to the Membership Providers. If you want to log in without a Membership Provider, you should just make your own login form with textboxes and buttons.
You have to add a section to your web.config telling it where to look for your membership roster. this will be either a database containing users, an active directory group, etc. otherwise, how does your app know where to authenticate your users?
Check out MSDN's Introduction to Membership for more information.
I could use it without making my own login form. I've just removed the membership provider section from the webconfig.