## WebSecurity.Login() Method
The `WebSecurity.Login()` method is part of the ASP.NET Web Pages Security framework. It authenticates a user by validating their username and password against the membership database and logs them into the application.
---
## Syntax
This method is available in both C# and VB.NET. It accepts the user credentials and an optional parameter to persist the authentication cookie across browser sessions.
### C# Syntax
```csharp
public static bool Login(string userName, string password, bool persistCookie = false)
```
### VB.NET Syntax
```vb
Public Shared Function Login(userName As String, password As String, Optional persistCookie As Boolean = False) As Boolean
```
---
## Parameters
| Parameter | Type | Description |
| :--- | :--- | :--- |
| `userName` | `String` | The username of the user attempting to log in. |
| `password` | `String` | The password associated with the specified username. |
| `persistCookie` | `Boolean` | *(Optional)* Set to `true` to persist the authentication cookie across browser sessions (a "Remember Me" feature). If `false`, the cookie expires when the browser is closed. The default is `false`. |
---
## Return Value
* **Type:** `Boolean`
* **Description:** Returns `true` if the username and password are valid and the user is successfully logged in; otherwise, `false`.
---
## Code Examples
### C# Example
The following example demonstrates how to use `WebSecurity.Login` in an ASP.NET Web Pages (Razor) environment using C#.
```csharp
@{
var username = Request;
var password = Request;
var rememberMe = Request != null;
if (IsPost) {
if (WebSecurity.Login(username, password, persistCookie: rememberMe)) {
Response.Redirect("~/Home");
} else {
Incorrect username or password.
}
}
}
```
### VB.NET Example
The same logic implemented using VB.NET syntax:
```vbhtml
@Code
Dim username = Request("username")
Dim password = Request("password")
Dim rememberMe = Request("rememberMe") IsNot Nothing
If IsPost Then
If WebSecurity.Login(username, password, persistCookie:=rememberMe) Then
Response.Redirect("~/Home")
Else
@
Incorrect username or password.
End If
End If
End Code
```
---
## Remarks
* **Authentication Cookies:** When a user successfully logs in, ASP.NET issues an encrypted authentication cookie to the client's browser. This cookie is sent with subsequent requests to identify the authenticated user.
* **Session vs. Persistent Cookies:** If `persistCookie` is set to `false`, the authentication token is stored in a session cookie, which is deleted when the user closes their browser. Setting it to `true` creates a persistent cookie that remains valid until its expiration date, even if the browser is closed and reopened.
---
## Errors and Exceptions
An `InvalidOperationException` will be thrown when calling `WebSecurity.Login()` under the following conditions:
1. **Database Connection Not Initialized:** The `WebSecurity.InitializeDatabaseConnection()` method has not been called before attempting to log in.
2. **SimpleMembership Disabled:** The SimpleMembership provider is not initialized or has been explicitly disabled in the application's configuration (`web.config`).
---
## Technical Reference
| Property | Value |
| :--- | :--- |
| **Namespace** | `WebMatrix.WebData` |
| **Assembly** | `WebMatrix.WebData.dll` |