views:

89

answers:

2

I'm using the SqlMembershipProvider and have a problem where aspnet_Membership_UpdateUserInfo is being called twice for a single failed logon. This means that a user will be locked out after only two attempts, not the 3 that I have configured.

Unfortunately I can't simply bump the login attempts count to a higher number as the problem only seems to be happening for IE users. Firefox and Chrome don't exibit the same problem.

The config I'm using is:

<membership defaultProvider="AcademyWebProvider" userIsOnlineTimeWindow="3">
    <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add minRequiredNonalphanumericCharacters="0" 
            minRequiredPasswordLength="3" 
            maxInvalidPasswordAttempts="3" 
            passwordAttemptWindow="15" 
            applicationName="AcademyPro" 
            connectionStringName="SqlServer" 
            enablePasswordReset="true" 
            requiresQuestionAndAnswer="false"
            name="AcademyWebProvider" 
            type="System.Web.Security.SqlMembershipProvider" />
    </providers>
</membership>

UPDATE
Digging around a bit more and looking at the fiddler traces IE7 (IE7 proper, not IE 8 computability mode) and IE8 submit the form twice. I also added onsubmit="alert('Ping!');" to the form tag, the alert box shows twice, so what ever the problem is it's in javascript.

A: 

If it's IE8 specifically that the problem is occuring in then try using something like Fiddler to look at the requests that are being sent to your server, to see if multiple requests are being submitted by the browser.

It could be that the bugs in IE8's Lookahead Downloader have something to do with it.

Rob
Using fiddler it looks like IE8 is sending all login requests twice. Both valid and invalid, it makes me wonder what else gets sent twice.
ilivewithian
Rob
A: 

It turns out that the problem was to do with the CSS Adapters, remove them and the problem goes away.

ilivewithian