Login - FadiZahhar/umbraco8showandtell GitHub Wiki

Your login logic is in:

  • ViewModel/LoginViewModel.cs

  • Controllers/LoginController.cs

Let’s read and break down these files, then walk through a step-by-step Umbraco 8 login guide using your architecture.


Step 2: Review LoginViewModel.cs

Your LoginViewModel is straightforward:

  • Username (required)

  • Password (required)

  • RedirectUrl (optional, for post-login redirection)


Step 3: Review LoginController.cs

Let’s see how the login workflow is handled.

Your LoginController implements a best-practice, secure login process for Umbraco 8 Members, including:

  • Login with username and password

  • Checks for:

    • User existence

    • Account locked

    • Email verified (emailVerified custom property)

  • If successful, logs in the member and redirects.

  • Forgotten password and reset password workflows, each with view models, secure tokens, expiry dates, and email notifications.


Step-by-Step: Secure Member Login in Umbraco 8

(Based on your project’s architecture and code)


Step 1: Prepare Member Type and Properties

In Umbraco Backoffice > Members > Member Types ("Member"), ensure these properties:

  • emailVerified (True/False)

  • resetLinkToken (Textstring)

  • resetExpiryDate (Date/Time)

You’ll also want standard member fields: Username, Email, Password, and any profile fields you require.


Step 2: Create the Login ViewModel

File: /ViewModel/LoginViewModel.cs

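using System.ComponentModel.DataAnnotations;

namespace HighlyDeveloped.Core.ViewModel
{
    // Form model bound by the login partial view.
    public class LoginViewModel
    {
        [Display(Name = "Username")]
        [Required]
        public string Username { get; set; }

        [Display(Name = "Password")]
        [Required]
        public string Password { get; set; }

        // Optional: where to send the member after a successful login.
        public string RedirectUrl { get; set; }
    }
}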


Step 3: Create the Login Partial View

File: /Views/Partials/Login/Login.cshtml

@model HighlyDeveloped.Core.ViewModel.LoginViewModel

@using (Html.BeginUmbracoForm("HandleLogin", "Login"))
{
    @Html.AntiForgeryToken()
    <div class="form-group">
        @Html.LabelFor(m => m.Username)
        @Html.TextBoxFor(m => m.Username, new { @class = "form-control" })
        @Html.ValidationMessageFor(m => m.Username)
    </div>
    <div class="form-group">
        @Html.LabelFor(m => m.Password)
        @Html.PasswordFor(m => m.Password, new { @class = "form-control" })
        @Html.ValidationMessageFor(m => m.Password)
    </div>
    @Html.HiddenFor(m => m.RedirectUrl)
    <button type="submit" class="btn btn-primary">Login</button>
}

@Html.ValidationSummary(true)

@if (TempData["status"] != null && TempData["status"].ToString() == "OK")
{
    <div class="alert alert-success">Login successful!</div>
}


Step 4: Login Controller Logic

File: /Controllers/LoginController.cs

Key points:

  • Renders the login form.

  • On POST:

    • Validates the form.

    • Checks for user existence and locked status.

    • Checks if email is verified (emailVerified property).

    • Attempts login using Members.Login(username, password).

    • If login is successful, redirects to the originally requested page.

Failure at any point results in a clear ModelState error for the user.
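The flow listed above, sketched as an added example (not the project's own LoginController.cs). It differs from the description in two labelled ways: every credential failure returns one generic message, and RedirectUrl is followed only when it is a local URL. The Controllers namespace and the error text are assumptions.

```csharp
using System.Web.Mvc;
using HighlyDeveloped.Core.ViewModel;
using Umbraco.Web.Mvc;

namespace HighlyDeveloped.Core.Controllers // assumed namespace
{
    public class LoginController : SurfaceController
    {
        // One message for every credential failure, so the response does not
        // reveal which usernames exist, are locked out, or are unverified.
        private const string GenericError = "Login failed. Check your details and try again.";

        public ActionResult RenderLogin()
        {
            return PartialView("~/Views/Partials/Login/Login.cshtml", new LoginViewModel());
        }

        [HttpPost]
        [ValidateAntiForgeryToken] // pairs with @Html.AntiForgeryToken() in the view
        public ActionResult HandleLogin(LoginViewModel vm)
        {
            if (!ModelState.IsValid)
                return CurrentUmbracoPage();

            var member = Services.MemberService.GetByUsername(vm.Username);
            bool allowed = member != null
                && !member.IsLockedOut
                && member.GetValue<bool>("emailVerified");

            // Members.Login verifies the password and issues the auth cookie.
            if (!allowed || !Members.Login(vm.Username, vm.Password))
            {
                ModelState.AddModelError("", GenericError);
                return CurrentUmbracoPage();
            }

            TempData["status"] = "OK";

            // RedirectUrl arrives in a hidden form field, so it is untrusted input:
            // follow it only when it points inside this site.
            if (!string.IsNullOrEmpty(vm.RedirectUrl) && Url.IsLocalUrl(vm.RedirectUrl))
                return Redirect(vm.RedirectUrl);

            return RedirectToCurrentUmbracoPage();
        }
    }
}
```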


Step 5: Render the Login Form Anywhere

Add to your login page template:

@Html.Action("RenderLogin", "Login")

Or render it in the grid/RTE as a MacroPartial, if you adapt the rendering.


Step 6: Forgotten Password Workflow

(Optional, but strongly recommended for real-world apps)

  • Forgotten Password:

    • Form collects email address.

    • Controller checks for member and sends an email with a reset link (token & expiry).

  • Reset Password:

    • User visits link with token; enters new password.

    • Controller checks token and expiry; updates password if valid.

This protects user accounts and helps users recover access.
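An added example (not code from the project) of the token and expiry handling behind the reset link. The ResetToken class, the one-hour lifetime, and the choice to store only a hash of the token in resetLinkToken are assumptions of this sketch.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ResetToken // hypothetical helper
{
    // Assumed lifetime; write DateTime.UtcNow + Lifetime to resetExpiryDate.
    public static readonly TimeSpan Lifetime = TimeSpan.FromHours(1);

    // 32 bytes from the OS CSPRNG, hex-encoded so the value is URL-safe.
    public static string Create()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    // Design choice of this example: the email carries the raw token, while
    // resetLinkToken stores only this hash, so a leaked member table does not
    // contain usable reset links.
    public static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // True only when a token was issued, has not expired, and matches.
    public static bool IsValid(string storedHash, DateTime? expiryUtc,
                               string presentedToken, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(storedHash) || string.IsNullOrEmpty(presentedToken))
            return false;
        if (expiryUtc == null || nowUtc >= expiryUtc.Value)
            return false;
        return FixedTimeEquals(storedHash, Hash(presentedToken));
    }

    // Comparison whose duration does not depend on where the strings differ.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

After a successful reset, clear both resetLinkToken and resetExpiryDate so the link works only once. The forgotten-password form should show the same response whether or not the email address matches a member.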


Step 7: Summary Table

| Step | What/Where | Why |
| --- | --- | --- |
| Member Properties | Member Type + custom properties | Support verification, password reset |
| ViewModel | /ViewModel/LoginViewModel.cs | Structure and validation |
| Partial View | /Views/Partials/Login/Login.cshtml | Render login form |
| Controller | /Controllers/LoginController.cs | Handles login, forgot/reset logic |
| Render Form | Page template or macro | Place login anywhere you need it |

Step 8: How it Works—Narrative Flow

  1. User visits the login page.

  2. The login form is shown, collecting username and password.

  3. On submit:

    • Form validation runs.

    • System checks for:

      • User existence

      • Locked account

      • Email verification

    • Credentials are checked with Members.Login.

    • If successful, user is logged in and redirected.

    • If not, the user sees helpful feedback.

  4. If the user forgets their password, they can use the "Forgotten Password" form.

    • A secure email with a reset link and expiry is sent.

    • The user can set a new password using the reset page.


Best Practice Tips

  • Always use anti-forgery tokens on forms.

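  • Provide clear feedback for errors (user not found, locked out, not verified). Note that a distinct message for each case tells an unauthenticated visitor which usernames exist and what state each account is in; a single generic failure message on the public form avoids that.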

  • Support secure password reset.

  • Use roles/groups for member authorization if needed.

  • Consider adding brute-force lockout or CAPTCHA on repeated failures.


This matches modern, secure login patterns and is built to scale with your Umbraco 8 project.
