ERROR: Object reference not set to an instance of an object. (occurs on the first line assigning a value to session)

Imports System.Web.Security.MembershipUser
Imports System.Web.Profile
Imports System.web.SessionState

Partial Class Login
Inherits System.Web.UI.Page
Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn
Dim User As MembershipUser
User = Membership.GetUser()
HttpContext.Current.Session("UserGUID") = User.ProviderUserKey.ToString
HttpContext.Current.Session("UserName") = User.UserName.ToString
End Sub

"User" is probably equal to "Nothing"

If the user is not available at this point, then what is the correct code to capture the login information (at login) and store it into session?

GetUser() only works for authenticated users, check with User.Identity.IsAuthenticated if the user was really authenticated.

If the user was authenticated and you still obtaining Nothing with GetUser() that means that the "username" of the authenticated user was not found on the database (or the datasource you are using).

When I check IsAuthenticated it is false.   Okay, so I don't understand, this is the Login control and the LoggedIn event, which one would think means the user is now logged in and properly authenticated.

Anyway my end game is to just obtain the correct code that will correctly grab the logged in user so I can put them into session variables.  If I can't do it here then when and where can I do it during the login process? This really sounds like something that many people would want to do so there must be an easy solution out there.

Try this code:

 Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn
Dim User As MembershipUser
If Page.User.Identity.IsAuthenticated = True Then
User = Membership.GetUser()
HttpContext.Current.Session("UserGUID") = User.ProviderUserKey.ToString
HttpContext.Current.Session("UserName") = User.UserName.ToString
end If
End Sub

Thanks. That is the exact code I have now, so I am preplexed as to why in this event the IsAuthenticated cond reports false - yet the page logs me in just fine.  I login just fine but can't grab the logged in user information to store it into Session.  So this leads me to suspect that for some reason the LoggedIn event is not appropriate for this action?   I would love to understand why and and also how to achieve my goal.

MrCoastline:

Thanks. That is the exact code I have now, so I am preplexed as to why in this event the IsAuthenticated cond reports false - yet the page logs me in just fine.  I login just fine but can't grab the logged in user information to store it into Session.  So this leads me to suspect that for some reason the LoggedIn event is not appropriate for this action?   I would love to understand why and and also how to achieve my goal.

 Try this, instead of using the built in login control try using your own text boxes and button have the textbox ID's be txt_username, and txt_password then run this code under the button click event of the button that you create with what ever ID you want to give it

 ' This code will auth a person wether they use their email address they signed up 
        'or with or with the username those chose.

        'First Dim something to put the login info in
        Dim LoginID As String
        'Now check wether they entered in an email address or username
        'and if entered in email address it will populate LoginID with the username
        'that goes with that email address
        If Membership.Provider.GetUserNameByEmail(txt_username.Text) Is Nothing Then
            LoginID = txt_username.Text
        Else
            LoginID = Membership.Provider.GetUserNameByEmail(txt_username.Text)
        End If
        'Next check the username and password and if correct it will login if not lbl will be shown and told
        'that they do not have the correct login.
        If (Membership.ValidateUser(LoginID, txt_password.Text)) Then
            FormsAuthentication.RedirectFromLoginPage(LoginID, True)
        Else
            lbl_result.Text = "Incorrect Login"
        End If

And then put this code under the Page_load event

 'Also User might be a already used by asp.net so you may want to change it 
        'to something like AuthedUser

        Dim AuthedUser As MembershipUser
        If Page.User.Identity.IsAuthenticated = True Then
            AuthedUser = Membership.GetUser()
            HttpContext.Current.Session("UserGUID") = AuthedUser.ProviderUserKey.ToString
            HttpContext.Current.Session("UserName") = AuthedUser.UserName.ToString
        End If

Actually.. I think I have it figured out.. when you use the getuser method you need to specify how to get the user You are not supplying it with anything so try this line of code in there

AuthedUser = Membership.GetUser(page.user.identity.name)
          

MrCoastline:

When I check IsAuthenticated it is false.   Okay, so I don't understand, this is the Login control and the LoggedIn event, which one would think means the user is now logged in and properly authenticated.

Probably that part of your code is correct, you should check elsewhere. Verify the method you are using for authentication (in web.config), etc.

Check this article, it could help you:

http://www.codeproject.com/useritems/logincontrol.asp

Torqie, your comments sparked something that I read somewhere, but can't seem to locate again now.  You have to specifically call ValidateUser with username/pwd the user entered even though this is the LoggedIn event, which fires after the user has already been validated.  I know, it defies logic, so if some expert can explain this counter intuitive behavior then I will be able to sleep better at night.  In the end I came up with the following code that works and will hopefully prevent others from banging their heads into walls.

This does not require modifying the Login control or intercepting any button events.  Just a few lines of tight code.

End Class

Victor,

actually the Membership.ValidateUser is not necessary. This is done by the Login control.

I think the problem must be something else. Because, if you inspect the session that is used to store UserGUID and UserName you will see that on the page loaded after the LoggedIn event is done the session is cleared. Or rather, a new session is started because the session id's of the HttpContext.Current.Session in LoggedIn and on subsequent requests are different.

So my question is, what happens with the session after LoggedIn ?? Using the Session_Start event in Global.asax I can clearly see that a new session is actually started after the LoggedIn event is done and before the next page is processed, thus invalidating any data stored in session during LoggedIn.

- Peter
 

...and for a solution I found that the Session_Start event in Global.asax could serve me well. Heres a sample:

    void Session_Start(object sender, EventArgs e)
    {
        MembershipUser user = Membership.GetUser();
        if (user != null)
        {
            HttpContext.Current.Session["UserName"] = user.UserName;
             // ...or store some other user-related data in session here
        }
    }

- Peter