I know this question is asked (and answered) a lot already, but I believe my situation is unique.
We are using the ASP.NET SqlMembershipProvider. However, we also have some less-secure content we would like to secure by adding users directly to the web.config, like so...
<forms loginUrl="login.aspx" defaultUrl="default.aspx">
<credentials passwordFormat="Clear">
<user name="user1" password="123" />
<user name="user2" password="456" />
</credentials>
</forms>
Is it possible to use this method alongside a SQL Membership Provider? If so, how?
I know it's bad practice to do this. This is only a stepping stone as we move parts of our website into the asp.net application. We would like some of those password to be easily editable without going to the database.
I found my answer here: ASP.NET - Login Control with Credentials in web.config file
For my ValidateUser logic, I needed to use:
if (_provider.ValidateUser(username, password)) {
return true;
}
else {
return FormsAuthentication.Authenticate(username, password);
}
I knew how to authenticate using a provider, but the key was the ELSE clause, and authenticating using the web.config credentials.