Okay, I have the code block:
@{// Initialize pagevar username = "";var password = "";var ErrorMessage = "";// If this is a POST request, validate and process dataif (IsPost){username = Request.Form["username"];password = Request.Form["password"];if (username.IsEmpty() || password.IsEmpty()){ErrorMessage = "You must specify a username and password.";}else{// Login, Navigate back to the homepage and exitif (WebSecurity.Login(username, password, false)){Response.Redirect("~/");}else{ErrorMessage = "Login failed";}}}}@if (ErrorMessage!="") {<p>@ErrorMessage</p><p>Please correct the errors and try again.</p>}<form method="post" action=""><fieldset><legend>Log In to Your Account</legend><ol><li><label>Username:</label><input type="text" id="username" name="username" /></li><li><label>Password:</label><input type="password" id="password" name="password" /></li><li><p><input type="submit" value="login" /></p></li></ol></fieldset></form>
I think it's doing that authenticate thing with the "WebSecurity.Login(username, password, false)" line. But the problem is by default, the websecurity.isauthenticated is set to true, at least on my example. Shouldn't it always be a false check if the page is freshly loaded? I did log in with a valid user name and password initially before they had me add the security. Does the initial login just keep the authenticate option set to true?...