views:

168

answers:

1

I am getting the above error in IIS 6.0 now when I browse my C# / SQL web application. This was built in VS 2008 and SS 2008 on a 32-bit XP OS. The application was working before I added Login controls to it. However, this is my first time configuring Login/password controls so I am probably missing something really basic.

This error doesn't happen until I try to login. Here are the details of my error from IIS; I get the same error in VS:

Parser Error Message: Password format specified is invalid.

Source Error: 


Line 31:                  <add
Line 32:                    name="SqlProvider"
Line 33:                    type="System.Web.Security.SqlMembershipProvider"
Line 34:                    connectionStringName="AdventureWorksConnectionString2"
Line 35:                    applicationName="AddFileToSQL2"


Source File: C:\Inetpub\AddFileToSQL2\web.config    Line: 33

And the relevant contents of my web.config are:

  <connectionStrings>
    <add name="Master" connectionString="server=MSSQLSERVER;database=Master; Integrated Security=SSPI"
      providerName="System.Data.SqlClient" />
    <add name="AdventureWorksConnectionString" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Integrated Security=True"
      providerName="System.Data.SqlClient" />
      <add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Integrated Security=True; "
  providerName="System.Data.SqlClient" />
  </connectionStrings>
      <system.web>

          <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
              <providers>
                  <clear />
                  <add
                    name="SqlProvider"
                    type="System.Web.Security.SqlMembershipProvider"
                    connectionStringName="AdventureWorksConnectionString2"
                    applicationName="AddFileToSQL2"
                    enablePasswordRetrieval="false"
                    enablePasswordReset="true"
                    requiresQuestionAndAnswer="true"
                    requiresUniqueEmail="false"
                    passwordFormat="encrypted" />
              </providers>
          </membership>
          <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
        <roleManager enabled="true" />
  <compilation debug="true">
            <assemblies>
                <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
                <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
                <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
                <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
            </assemblies>
        </compilation>
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
          <authentication mode="Forms">
              <forms loginUrl="Password.aspx"
                     protection="All"
                     timeout="30"
                     name="SqlAuthCookie"
                     path="/FormsAuth"
                     requireSSL="false"
                     slidingExpiration="true"
                     defaultUrl="default.aspx"
                     cookieless="UseCookies"
                     enableCrossAppRedirects="false" />
          </authentication>

          <!--Authorization permits only authenticated users to access the application -->
          <authorization>
              <deny users="?" />
              <allow users="*" />
          </authorization>

          <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
        <pages>
            <controls>
                <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
                <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            </controls>
        </pages>
        <httpHandlers>
            <remove verb="*" path="*.asmx"/>
            <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
    </httpHandlers>
        <httpModules>
            <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </httpModules>
    </system.web>

    <system.codedom>
        <compilers>
            <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
                <providerOption name="CompilerVersion" value="v3.5"/>
                <providerOption name="WarnAsError" value="false"/>
            </compiler>
        </compilers>
    </system.codedom>
    <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
    <system.webServer>
        <validation validateIntegratedModeConfiguration="false"/>
        <modules>
            <remove name="ScriptModule"/>
            <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </modules>
        <handlers>
            <remove name="WebServiceHandlerFactory-Integrated"/>
            <remove name="ScriptHandlerFactory"/>
            <remove name="ScriptHandlerFactoryAppServices"/>
            <remove name="ScriptResource"/>
            <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
            <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
        </handlers>
    </system.webServer>
    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <dependentAssembly>
                <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
                <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
            </dependentAssembly>
            <dependentAssembly>
                <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
                <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
            </dependentAssembly>
        </assemblyBinding>
    </runtime>
      <system.net>
           <mailSettings>
                <smtp from="[email protected]">
                     <network host="SIDEKICK" password="" userName="" />
                </smtp>
           </mailSettings>
      </system.net>
</configuration>

I checked and I do have an aspnetdb database in my SSMS. The Network Service account has SELECT, EXECUTE, INSERT, UPDATE access to this database. But one problem I see is that all of the tables in this database are empty except for aspnet_SchemaVersions, which just has 2 records (common and membership). Is this right?

I added users and roles via ASP.NET Configuration wizard, and I believe I set this up correctly since I followed the Microsoft tutorial at http://msdn.microsoft.com/en-us/library/ms998347.aspx.

One other problem I see from VS is after adding content to my Page_Load on my initial login Password.aspx.cs file, I'm getting an invalid cast problem below. I googled this problem also but the solutions I saw confused me even more. The Page_Load section I added is:

protected void Page_Load(object sender, EventArgs e)
        {
            Response.Write("Hello, " + Server.HtmlEncode(User.Identity.Name));

            FormsIdentity id = (FormsIdentity)User.Identity;
            FormsAuthenticationTicket ticket = id.Ticket;

            Response.Write("<p/>TicketName: " + ticket.Name);
            Response.Write("<br/>Cookie Path: " + ticket.CookiePath);
            Response.Write("<br/>Ticket Expiration: " +
                            ticket.Expiration.ToString());
            Response.Write("<br/>Expired: " + ticket.Expired.ToString());
            Response.Write("<br/>Persistent: " + ticket.IsPersistent.ToString());
            Response.Write("<br/>IssueDate: " + ticket.IssueDate.ToString());
            Response.Write("<br/>UserData: " + ticket.UserData);
            Response.Write("<br/>Version: " + ticket.Version.ToString());

       }

And the VS exception I'm getting:

System.InvalidCastException was unhandled by user code
  Message="Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'."
  Source="AddFileToSQL"
  StackTrace:
       at AddFileToSQL.Password.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\Admin\My Documents\Visual Studio 2008\Projects\AddFileToSQL2\AddFileToSQL\Password.aspx.cs:line 22
       at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
       at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
       at System.Web.UI.Control.OnLoad(EventArgs e)
       at System.Web.UI.Control.LoadRecursive()
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  InnerException: 
+1  A: 

This should allow only authorized users correct? If so, change this

 <authorization>
              <deny users="?" />
              <allow users="*" />
          </authorization>

to

 <authorization>
              <deny users="?" />
          </authorization>

In addition, you are trying to use integrated authentication to connect to sql from IIS. You probably do not want to do that. Specify a user name and password to use.

http://www.connectionstrings.com/sql-server-2008

Raj Kaimal
I changed this web.config above to your recommended but I have Basic Authentication selected and not Integrated from IIS. But I will check out the link above.
salvationishere
I am talking about your sql connection strings. Its either sql authentication (username and password) or windows authentication (integrated)
Raj Kaimal
Oh I get what you are saying now. However, I want sql authentication but without letting username and password be sent over clear text.
salvationishere
You either need the identity the app pool is running under to have a windows (domain) account for windows auth.. or your connection string should have a user name/password for sql auth. One way with sql auth, to prevent u/pwd being set over the wire is with this: http://msdn.microsoft.com/en-us/library/ms189067.aspx
Raj Kaimal