
Asp.net Membership.ValidateUser() Can it be more specific?


Membership.ValidateUser(username, password) returns a bool indicating if the login succeeded or failed.

How can I know more specifically if it was the password or the username that was invalid?

Thanks


Solution

  • You could pretty easily execute MembershipProvider.ValidateUser() and then, if it were invalid, search for the user by name using the MembershipProvider.GetUser() method. If you found somebody then you could tell them that their password was incorrect as the user does exist.

    That said, I would not want to give an attacker an easy method of establishing valid usernames in my system. YMMV.
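
The approach in the answer above, written so that the specific failure reason goes only to the server-side log while the user always sees the same message. This is an added example, not code from the original post; `LoginDiagnostics`, `LoginFailure`, `Classify`, `TryLogin` and the message text are hypothetical names, and it assumes the default provider returns null from `GetUser` for an unknown username.

```csharp
using System;
using System.Diagnostics;
using System.Web.Security;

// Hypothetical names for illustration; only the Membership calls are framework APIs.
public enum LoginFailure { None, UnknownUser, LockedOut, NotApproved, BadPassword }

public static class LoginDiagnostics
{
    // One message for every failure, so the response does not confirm
    // which usernames exist.
    public const string GenericFailureMessage = "Invalid username or password.";

    public static LoginFailure Classify(string username, string password)
    {
        if (Membership.ValidateUser(username, password))
            return LoginFailure.None;
        if (string.IsNullOrWhiteSpace(username))
            return LoginFailure.UnknownUser;

        MembershipUser user;
        try
        {
            // userIsOnline: false, so a failed login does not touch LastActivityDate.
            user = Membership.GetUser(username, false);
        }
        catch (ArgumentException)
        {
            // GetUser rejects malformed names (e.g. containing commas) by throwing.
            return LoginFailure.UnknownUser;
        }

        if (user == null) return LoginFailure.UnknownUser;
        if (user.IsLockedOut) return LoginFailure.LockedOut;
        if (!user.IsApproved) return LoginFailure.NotApproved;
        return LoginFailure.BadPassword;
    }

    public static bool TryLogin(string username, string password, out string messageForUser)
    {
        LoginFailure reason = Classify(username, password);
        messageForUser = reason == LoginFailure.None ? null : GenericFailureMessage;
        if (reason == LoginFailure.None) return true;

        // Strip CR/LF so a crafted username cannot forge extra log lines.
        string safeName = (username ?? "").Replace("\r", "").Replace("\n", "");
        Trace.TraceWarning("Login failed: reason={0}, user={1}", reason, safeName);
        return false;
    }
}
```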