I've noticed that forums are littered with examples of this problem, but with the only solutions referring to events not actually being hooked up, or typos. I'm pretty sure that my problem relates to neither of these!

I have a login control with an opening tag that looks like this:

<asp:Login ID="signInControl" FailureText="Sorry, your login has not been successful" runat="server" DisplayRememberMe="false" OnLoggedIn="signInControl_LoggedIn" OnAuthenticate="signInControl_Authenticate" OnLoggingIn="signInControl_LoggingIn">

Here are my events in the code-behind:

protected void signInControl_LoggedIn(object sender, EventArgs e)
        {
            MembershipProvider provider = Membership.Providers[GlobalConstants.MembershipProviderName];
            MembershipUser user = provider.GetUser(this.signInControl.UserName, true);

            int expiryInDays = Utility.GetConfigurationValueAsInt(SPContext.Current.Web, "PasswordExpiryLengthInDays");

            // provide a mechanism to stop password expiry (i.e. if -1);
            if (expiryInDays > 0)
            {
                expiryInDays = expiryInDays * -1;

                // If the user hasn't changed their password within the last x days, send them to update it.
                DateTime minimumPasswordChange = DateTime.Now.AddDays(expiryInDays);

                TimeSpan due = user.LastPasswordChangedDate.Subtract(minimumPasswordChange);

                Logging.LogTrace(string.Format("The user {0} next password change is in {1} days.", user.UserName, due.Days));

                if (user.LastPasswordChangedDate >= minimumPasswordChange)
                {
                    SPUtility.Redirect("/_layouts/ExpiredPassword.aspx", SPRedirectFlags.Trusted, this.Context);
                }
            }
            else
            {
                SPUtility.Redirect("/_layouts/ExpiredPassword.aspx", SPRedirectFlags.Trusted, this.Context);
            }
        }
protected void signInControl_Authenticate(object sender, AuthenticateEventArgs e)
        {
            SPClaimsUtility.AuthenticateFormsUser(new Uri(SPContext.Current.Web.Url), this.signInControl.UserName, this.signInControl.Password);
            e.Authenticated = Membership.ValidateUser(this.signInControl.UserName, this.signInControl.Password);
        }
protected void signInControl_LoggingIn(object sender, LoginCancelEventArgs e)
        {
            Logging.LogTrace(string.Format("User {0} attempting to sign in.", this.signInControl.UserName));
            e.Cancel = false;
        }

And as you can see in the authenticate event, e.authenticated is being set by whether the user can be validated. I've confirmed by stepping into the code that true is returned. So why isn't my signInControl_LoggedIn method firing? I'm seriously confused!

This is the markup for the front-end:

Thanks for any help!

Karl.

There are number of posts that describe how to create your own custom login page for SharePoint 2010. Here is the one I followed. In general, they create an application page that inherits from FormsSignInPage. For a page that just needs to change the look and feel, this works well. In some cases, like this one, creating the login page in this way may not be enough.

The way it is described at the end of this post, you need to inherit from IdentityModelSignInPageBase instead of FormsSignInPage. You also need to create an event handler for the authenticate event and register this in the OnLoad event of the page.

This is because the Authenticate method in the control will automatically take the user to the "ReturnUrl" page before it ever calls the OnLoggedIn event. It only takes two lines of code to authenticate the user in this method.

void signInControl_Authenticate(object sender, AuthenticateEventArgs e)
{
  Login signInControl = sender as Login;
  e.Authenticated = SPClaimsUtility.AuthenticateFormsUser(this.Page.Request.Url, signInControl.UserName, signInControl.Password);
}

Since your code now does not send the user to the ReturnUrl value, the OnLoggedIn event is reached.

You may ask why do I need the OnLoggedIn event if I have to create a custom Authenticate method. Well, there are still functions the control will handle for you. For instance, if the user does not authenticate (ie bad UN and PW combination), the control will display the error message and the OnLoggedIn never fires.

If you inherit from FormsSignInPage you may override your function RedirectToSuccessUrl:

protected override void RedirectToSuccessUrl()
{
    //Your code here if successful login
    base.RedirectToSuccessUrl();
}