Hi,

I'm having some trouble with the ASP.NET 2.0 Login Control.

  • I've set up a database with the aspnet_regsql tool.
  • I've checked the application name. It is set to "/".

The application can access the SQL Server. In fact, when I go to retrieve the password, it will even send me the password. Despite this, the login control continues to reject logins.

I added this to the web.config:

<membership defaultProvider="AspNetSqlProvider">
  <providers>
    <clear/>
    <add name="AspNetSqlProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  </providers>
</membership>

And I added the following to my connection strings:

<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="Data Source=IDC-4\EXCALIBUR;Initial Catalog=allied_nr;Integrated Security=True;Asynchronous Processing=True"/>

(Note the "remove name" is to get rid of the default connection string in the App_Data directory.)

Why won't the login control authenticate users?

+1  A: 

It sounds like you are storing your passwords in plain text, but the default password storage format of SqlMembershipProvider is "Hashed." You would never be able to retrieve a user's password from the database if it is stored as hashed.

MrGumbe
What makes you think that I'm storing the passwords in plain text? I ran the tool to create the ASP.NET Membership schema. Wouldn't it create the default storage method in the schema? I'm creating the user for now in the Administration tool--which I would think would use the default approach, no?
rsteckly
Because of your statement, "when I go to retrieve the password, it will even send me the password." A hash is one-way, so if it was storing it in a hashed format then it would not be able to retrieve it, only verify the user's entry.
MrGumbe
A: 

A great set of articles about the Membership Provider was written on the 4 Guys From Rolla site. Check it out, as I think it will help!

http://www.4guysfromrolla.com/articles/120705-1.aspx

From Part 4 of the series:

"In the Membership system, there are multiple scenarios by which a user's credentials can be invalid:

  • The username supplied might not exist in the membership directory
  • The username may exist, but the supplied password might be incorrect
  • The username and password may be correct, but:
    • The user may not yet be approved
    • The user may be locked out; this can happen if the user attempts to login with an invalid password for a specified number of tries (five, by default)

Unfortunately, the ValidateUser(userName, password) method just returns False if the credentials are invalid, and does not include information as to why, exactly, the credentials are invalid"

Robert Williams
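
As an added example (not code from this thread or from the quoted article): because ValidateUser only returns False, a helper like the one below can be called after a failed login to work out which of the listed cases applies, and to report the provider settings raised in the first answer. The class, enum and method names are hypothetical; keep the result in server-side logs rather than showing it to the user, since it distinguishes existing accounts from unknown ones.

```csharp
using System.Web.Security;

// Added example: hypothetical helper names, standard System.Web.Security APIs.
public enum LoginFailureReason
{
    UnknownUser,   // no such user for this provider/applicationName
    NotApproved,   // IsApproved is false
    LockedOut,     // too many invalid password attempts
    BadPassword    // user exists and is usable, so the password did not match
}

public static class LoginDiagnostics
{
    // Call only after Membership.ValidateUser(...) has already returned false.
    // It does not re-validate, so it never adds to the failed-attempt counter.
    public static LoginFailureReason Explain(string userName)
    {
        // userIsOnline = false: do not touch LastActivityDate while diagnosing.
        MembershipUser user = Membership.GetUser(userName, false);
        if (user == null)
            return LoginFailureReason.UnknownUser;
        if (!user.IsApproved)
            return LoginFailureReason.NotApproved;
        if (user.IsLockedOut)
            return LoginFailureReason.LockedOut;   // user.UnlockUser() clears this
        return LoginFailureReason.BadPassword;     // by elimination
    }

    // One-line summary of the active provider's settings for the log.
    // PasswordFormat is Clear, Hashed or Encrypted; Hashed cannot be retrieved.
    public static string DescribeProvider()
    {
        MembershipProvider p = Membership.Provider;
        return string.Format(
            "provider={0} app={1} passwordFormat={2} retrieval={3} maxAttempts={4}",
            p.Name, p.ApplicationName, p.PasswordFormat,
            p.EnablePasswordRetrieval, p.MaxInvalidPasswordAttempts);
    }
}
```

A natural place to call `Explain` is the Login control's LoginError event handler, passing the control's UserName property and writing the result to the application log.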