Using Custom MembershipProvider without a Login control in ASP.NET

Question

We have got a custom MembershipProvider in ASP.NET. Now there are 2 possible scenario the user can be validated:

1. User login via login.aspx page by entering his username/password. I have used Login control and linked it with the MyMembershipProvider. This is working perfectly fine.

2. An authentication token is passed via some URL in query string form a different web sites. For this I have one overload in MembershipProvider.Validate(string authenticationToken), which is actually validating the user. In this case we cannot use the Login control. Now how can I use the same MembershipProvider to validate the user without actually using the Login control? I tried to call Validate manually, but this is not signing the user in.

Here is the code snippet I am using

if (!string.IsNullOrEmpty(Request.QueryString["authenticationToken"])) {
    string ticket = Request.QueryString["authenticationToken"];
    MyMembershipProvider provider = Membership.Provider as MyMembershipProvider;
    if (provider != null) {
        if (provider.ValidateUser(ticket))
            // Login Success
        else
            // Login Fail
    }
}

Answer 1

After validation is successful, you need to sign in the user, by calling FormsAuthentication.Authenticate: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.authenticate.aspx

EDIT: It is FormsAuthentication.SetAuthCookie: http://msdn.microsoft.com/en-us/library/twk5762b.aspx

Also, to redirect the user back where he wanted to go, call: FormsAuthentication.RedirectFromLoginPage: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.redirectfromloginpage.aspx

link text