asp.net Login for new user fails
This is a restatement of my earlier question about password validation, which was never answered despite requesting moderator attention. I have since sharpened the question.
My asp.net application for Lucid Equipment is running at 54.235.245.110. However there is a serious, absolutely repeatable problem when a new user registers, namely the user can't login the first time. Upon using the forgot password mechanism, the user gets a new password and successfully logs in. The password can be changed to the original password, and that now works.
I have used breakpoints and SSMS (Membership is a SS table), and determined it is not the IsApproved or LockedOut flags. Neither is the password defective. The user is created, shows up in the Membership and Users tables, but login doesn't work.
Currently LoginCreatedUser is set to false for my debugging convenience. DisableCreatedUser also set to false to make sure the IsApproved flag is not in the way. I've got error coding in the login form which catches bad passwords and other problems. Registration is now set up to send the new user an email with a link to validate the new user is really a person, so when you test, use a valid email. I am currently allowing reuse of email addresses for testing purposes. I've worked over web.config too.
Please demonstrate the problem for yourself and then let me know what code you would like to see.
My asp.net application for Lucid Equipment is running at 54.235.245.110. However there is a serious, absolutely repeatable problem when a new user registers, namely the user can't login the first time. Upon using the forgot password mechanism, the user gets a new password and successfully logs in. The password can be changed to the original password, and that now works.
I have used breakpoints and SSMS (Membership is a SS table), and determined it is not the IsApproved or LockedOut flags. Neither is the password defective. The user is created, shows up in the Membership and Users tables, but login doesn't work.
Currently LoginCreatedUser is set to false for my debugging convenience. DisableCreatedUser also set to false to make sure the IsApproved flag is not in the way. I've got error coding in the login form which catches bad passwords and other problems. Registration is now set up to send the new user an email with a link to validate the new user is really a person, so when you test, use a valid email. I am currently allowing reuse of email addresses for testing purposes. I've worked over web.config too.
Please demonstrate the problem for yourself and then let me know what code you would like to see.
hi
i register in your site and i enter a password of 6 length and it accept it without showing an error also it ask me to select my Role
maybe you are missing some thing in the login part
i register in your site and i enter a password of 6 length and it accept it without showing an error also it ask me to select my Role
maybe you are missing some thing in the login part
ASKER
I have added a regex validator to the registration form, now requiring 8 chars, upper and lower case, and number or special character. I still have the original problem. Since I believe I'm properly trapping IsApproved and LockedOut cases, all that seems to be left is password. I've also checked that the web.config includes the application name
ASKER
when you experiment, please preface your user name with "ee" so I can distinguish testers from users
ASKER
Further investigation shows that Membership.validateuser returns false upon first login, but not subsequently. I have explicitly set the hashedalgorithmType=SHA1 and also the machine key, in the web.config file. Still not working.
ASKER
My latest theory: I know that IsApproved and LockedOut are properly set. Debugging shows that the username and password are properly entered in the login form, yet generate an error when compared w/ what is in the membership table.
I believe that the hashing algorithm used by createuserwizard is different than that used by Login control, causing the mismatch error. The reason that the changed password works is that its entry form uses the same encoding as login uses upon retrieval. It's a theory.
I've tried setting machine key and membership both to SHA1 and the asp.net 4.0 default of HMACSHA1
I believe that the hashing algorithm used by createuserwizard is different than that used by Login control, causing the mismatch error. The reason that the changed password works is that its entry form uses the same encoding as login uses upon retrieval. It's a theory.
I've tried setting machine key and membership both to SHA1 and the asp.net 4.0 default of HMACSHA1
Can you share your membership/roles settings from your web.config.
ASKER
absolutely! Here's a chunk of current web.config settings. Ask for more if you need it.
<system.web>
<machineKey validation="HMACSHA256" validationKey="AutoGenerate,IsolateApps" />
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
cookieTimeout="45" defaultProvider="SqlRoleProvider">
<providers>
<add
connectionStringName="SqlRoleManagerConnection"
applicationName="website3"
name="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
/>
</providers>
</roleManager>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
<allow users="?"/>
<allow roles="admin"/>
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="45" hashAlgorithmType="HMACSHA256">
<providers>
<clear/>
<add
connectionStringName="lucidequipmentConnectionString"
applicationName="Website3"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
passwordStrengthRegularExpression=""
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
/>
</providers>
</membership>
Since you are doubting the hashalgorithm type, can you do a test on it by using the following when you register and login:
-In addition do you see one or two user with the same name in the aspnet_Users table?
Note: I never received the forgot password reset email though.
Response.Write (Membership.HashAlgorithmType);-In addition do you see one or two user with the same name in the aspnet_Users table?
Note: I never received the forgot password reset email though.
ASKER
Thanks for the participation; I really appreciate the help.
HashAlgorithm shows as HMACSHA256 in my development environment (LocalHost) when I inserted your suggestion in the page load sub. The version running on the external server (Amazon Web Services) is still set to SHA1, the earlier default. No difference in behavior between the two machines.
AWS was running slowly yesterday, which may account for the reset email not getting through, though this function has been running flawlessly at AWS. Pls try that again.
HashAlgorithm shows as HMACSHA256 in my development environment (LocalHost) when I inserted your suggestion in the page load sub. The version running on the external server (Amazon Web Services) is still set to SHA1, the earlier default. No difference in behavior between the two machines.
AWS was running slowly yesterday, which may account for the reset email not getting through, though this function has been running flawlessly at AWS. Pls try that again.
Yes, I received the email later...
- Can you make sure MembershipProvider property of your CreateUserWizard is not set to something else? Or try setting it explicity to "SqlProvider"
- Also can you make sure there aren't two users with same username in the aspnetUsers table
- Can you make sure MembershipProvider property of your CreateUserWizard is not set to something else? Or try setting it explicity to "SqlProvider"
- Also can you make sure there aren't two users with same username in the aspnetUsers table
ASKER
There was no explicit setting for MembershipProvider so I set it as you suggested, to no effect.
I'll check the user table for dups as soon as I return from a doc appointment. Stay tuned
I'll check the user table for dups as soon as I return from a doc appointment. Stay tuned
One more thing to try:
- Remove the hashAlgorithmType from the membership element in web.config
- Then explicitly set the machine key. Use this to generate the machineKey.
- Remove the hashAlgorithmType from the membership element in web.config
- Then explicitly set the machine key. Use this to generate the machineKey.
ASKER
Still not working.
-removed hashAlgType
-set machine key
relevant part of web.config shown here
here's the createuserwizard code
-removed hashAlgType
-set machine key
relevant part of web.config shown here
<system.web>
<machineKey validationKey="3E3C24851E646855E1285A06AB30FE91DE844D308F68A23B59EDEB57B9F7C6A771649B6878920F987CCDD47E260B8AEDA75DDAC3A15BA87940F03DFAAACB84F4"
decryptionKey="FC872AB0519B047334D0ABE582F54E7960CBDE9D7D2E188329954E13AC99155B"
validation="SHA1" decryption="AES" />
<roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
cookieTimeout="45" defaultProvider="SqlRoleProvider">
<providers>
<add
connectionStringName="SqlRoleManagerConnection"
applicationName="website3"
name="SqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
/>
</providers>
</roleManager>
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
<allow users="?"/>
<allow roles="admin"/>
</authorization>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="45">
<providers>
<clear/>
<add
connectionStringName="lucidequipmentConnectionString"
applicationName="Website3"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="1"
passwordStrengthRegularExpression=""
name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
/>
</providers>
</membership>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<customErrors mode="Off"/>
</system.web>here's the createuserwizard code
<asp:CreateUserWizard ID="NewUserWizard" runat="server"
LoginCreatedUser="false"
DisableCreatedUser="true"
MembershipProvider="SqlProvider"
passwordregularexpression='(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
passwordregularexpressionerrormessage="Your password must be at least 8 characters long, and contain at least one number or one special character."
CompleteSuccessText="Your account has been created, but before you can login you must first verify your email address. A message has been sent to the email address you specified. Please check your email inbox and follow the instructions in that email to verify your account."
ContinueDestinationPageUrl="~/default.aspx" BackColor="#F7F6F3"
BorderColor="#E6E2D8" BorderStyle="Solid" BorderWidth="1px"
Font-Names="Verdana" Font-Size="0.8em" AutoGeneratePassword="True">
<ContinueButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana"
ForeColor="#284775" />
<CreateUserButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana"
ForeColor="#284775" />
<TitleTextStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
<WizardSteps>
<asp:CreateUserWizardStep runat="server" >
<ContentTemplate>
<table style="font-family:Verdana;font-size:100%;" align="center">
<tr>
<td align="right" colspan="2"
style="color:White;background-color:#5D7B9D;font-weight:bold;">
Sign Up for Your New Account</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="UserName" runat="server" ToolTip="Pick a user name"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
ControlToValidate="UserName" ErrorMessage="User Name is required."
ToolTip="User Name is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="Password" runat="server" Tooltip="Must be at least 8 characters long and must include at least 1 non-alphanumeric character such as @, #, $, %, &" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server"
ControlToValidate="Password" ErrorMessage="Your password must be 8 characters long, and contain at least one number and one special character."
ToolTip="Password is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="ConfirmPasswordLabel" runat="server"
AssociatedControlID="ConfirmPassword">Confirm Password:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="ConfirmPassword" runat="server" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="ConfirmPasswordRequired" runat="server"
ControlToValidate="ConfirmPassword"
ErrorMessage="Confirm Password is required."
ToolTip="Confirm Password is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="EmailLabel" runat="server" AssociatedControlID="Email">E-mail:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="Email" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="EmailRequired" runat="server"
ControlToValidate="Email" ErrorMessage="E-mail is required."
ToolTip="E-mail is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="QuestionLabel" runat="server" AssociatedControlID="Question">Security Question:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="Question" runat="server" ToolTip="For example, 'favorite team'"></asp:TextBox>
<asp:RequiredFieldValidator ID="QuestionRequired" runat="server"
ControlToValidate="Question" ErrorMessage="Security question is required."
ToolTip="Security question is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right">
<asp:Label ID="AnswerLabel" runat="server" AssociatedControlID="Answer">Security Answer:</asp:Label>
</td>
<td align="right">
<asp:TextBox ID="Answer" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="AnswerRequired" runat="server"
ControlToValidate="Answer" ErrorMessage="Security answer is required."
ToolTip="Security answer is required.">*</asp:RequiredFieldValidator>
</td>
</tr>
<tr>
<td align="right" colspan="2">
<asp:CompareValidator ID="PasswordCompare" runat="server"
ControlToCompare="Password" ControlToValidate="ConfirmPassword"
Display="Dynamic"
ErrorMessage="The Password and Confirmation Password must match.">
</asp:CompareValidator>
<asp:RegularExpressionValidator
ID="RegularExpressionValidator1" runat="server"
ControlToValidate="Password"
Display="Dynamic"
validationExpression='(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
ErrorMessage="Your password must be at least 8 characters long, contain upper and lower case letters, and at least one number or one special character.">
</asp:RegularExpressionValidator>
</td>
</tr>
<tr>
<td align="right" colspan="2" style="color:Red;">
<asp:Literal ID="ErrorMessage" runat="server" EnableViewState="False"></asp:Literal>
</td>
</tr>
</table>
</ContentTemplate>
</asp:CreateUserWizardStep>
<asp:WizardStep ID="GetRole" runat="server">
<asp:Label ID="chooseRole" runat="server"
Text="Choose Role">
</asp:Label>
<asp:DropDownList ID="DropDownChooseRole" runat="server"
DataSourceID="LinqDataSource1" DataTextField="RoleName"
DataValueField="RoleID" AutoPostBack="True">
</asp:DropDownList>
</asp:WizardStep>
<asp:CompleteWizardStep ID="completeWizardStep1" runat="server" Title="Complete">
<ContentTemplate>
<table border="0" style="font-size: 100%; font-family: Verdana" id="TABLE1" >
<tr>
<td align="center" colspan="2" style="font-weight: bold; color: white; background-color: #5d7b9d; height: 18px;">
Complete</td>
</tr>
<tr>
<td>
Your account has been successfully created.
You will shortly receive an email asking you to verify your email address.
You will not be able to login until you complete the verification process.<br />
<br />
</tr>
<tr>
<td align="right" colspan="2">
<asp:Button ID="ContinueButton" runat="server" BackColor="#FFFBFF" BorderColor="#CCCCCC"
BorderStyle="Solid" BorderWidth="1px" CausesValidation="False" CommandName="Continue"
Font-Names="Verdana" ForeColor="#284775" Text="Continue" ValidationGroup="CreateUserWizard1" />
</td>
</tr>
</table>
</ContentTemplate>
</asp:CompleteWizardStep>
</WizardSteps>
<MailDefinition BodyFileName="~/RegisteredUsers/EmailTemplates/NewAccountTemplate.htm"
From="admin@lucideq.com" IsBodyHtml="True"
Subject="Steps to activate your new account..." Priority="High">
</MailDefinition>
<HeaderStyle BackColor="#5D7B9D" BorderStyle="Solid" Font-Bold="True"
Font-Size="0.9em" ForeColor="White" HorizontalAlign="Center" />
<NavigationButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC"
BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana"
ForeColor="#284775" />
<SideBarButtonStyle BorderWidth="0px" Font-Names="Verdana" ForeColor="White" />
<SideBarStyle BackColor="#5D7B9D" BorderWidth="0px" Font-Size="0.9em"
VerticalAlign="Top" />
<StepStyle BorderWidth="0px" />
</asp:CreateUserWizard>
I am running out of ideas...
- You said in the beginning you have DisableCreatedUser="false"
- What is it that you are doing when someone clicks the activate link in the registration email. Can you share that code?
- Also if you could share your code-behind from CreateUser.
- You said in the beginning you have DisableCreatedUser="false"
- What is it that you are doing when someone clicks the activate link in the registration email. Can you share that code?
- Also if you could share your code-behind from CreateUser.
ASKER
I originally left the new user logged in--the "false" setting. But for my debugging convenience I changed that to true.
Here's the code-behind for CreateUser. It's my register.aspx.vb file:
Here's the verify stuff (and again, I just went this route to break us the code; I don't really need email verification)
Here's the aspx file
Here's the code-behind for CreateUser. It's my register.aspx.vb file:
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Security
Imports System.Web.UI
Partial Class register
Inherits BasePage
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
MyBase.LogActivity("Visiting Create Account.")
End Sub
Protected Sub NewUserWizard_SendingMail(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.MailMessageEventArgs) Handles NewUserWizard.SendingMail
MyBase.LogActivity("Creating User Account.")
'Send an email to the address on file
Dim userInfo As MembershipUser = Membership.GetUser(NewUserWizard.UserName)
'Construct the verification URL
Dim verifyUrl As String = Request.Url.GetLeftPart(UriPartial.Authority) & Page.ResolveUrl("~/RegisteredUsers/Verify.aspx?ID=" & userInfo.ProviderUserKey.ToString())
'Replace <%VerifyUrl%> placeholder with verifyUrl value
e.Message.Body = e.Message.Body.Replace("<%VerifyUrl%>", verifyUrl)
End Sub
Protected Sub NewUserWizard_CreatedUser(ByVal sender As Object, ByVal e As System.EventArgs) Handles NewUserWizard.CreatedUser
'This subroutine creates a new record in UserProfiles
'why is the role set to observer?
' Get the UserId of the just-added user
Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName)
Dim newUserId As Guid = CType(newUser.ProviderUserKey, Guid)
'set Observer as the default role
'the uniqueIdentifier for an observer is "c49fe86b-739b-4992-82c2-74111831c74b"
Dim observer As Guid = New Guid("c49fe86b-739b-4992-82c2-74111831c74b")
' Insert a new record into UserProfiles
Dim connectionString As String = ConfigurationManager.ConnectionStrings("lucidequipmentConnectionString").ConnectionString
Dim insertSql As String = "INSERT INTO UserProfiles(UserId, company,address1, address2, city, state, postalCode,country, website, OfficePhone, MobilePhone, RoleId) VALUES(@UserId, @company, @address1, @address2, @city, @state, @postalCode, @country, @website, @OfficePhone, @MobilePhone, @RoleId)"
Using myConnection As New SqlConnection(connectionString)
myConnection.Open()
Dim myCommand As New SqlCommand(insertSql, myConnection)
myCommand.Parameters.AddWithValue("@UserId", newUserId)
myCommand.Parameters.AddWithValue("@company", DBNull.Value)
myCommand.Parameters.AddWithValue("@address1", DBNull.Value)
myCommand.Parameters.AddWithValue("@address2", DBNull.Value)
myCommand.Parameters.AddWithValue("@city", DBNull.Value)
myCommand.Parameters.AddWithValue("@state", DBNull.Value)
myCommand.Parameters.AddWithValue("@postalCode", DBNull.Value)
myCommand.Parameters.AddWithValue("@country", DBNull.Value)
myCommand.Parameters.AddWithValue("@website", DBNull.Value)
myCommand.Parameters.AddWithValue("@OfficePhone", DBNull.Value)
myCommand.Parameters.AddWithValue("@MobilePhone", DBNull.Value)
myCommand.Parameters.Add("@RoleID", SqlDbType.UniqueIdentifier).Value = observer
myCommand.ExecuteNonQuery()
myConnection.Close()
End Using
End Sub
Protected Sub NewUserWizard_ActiveStepChanged(sender As Object, e As System.EventArgs) Handles NewUserWizard.ActiveStepChanged
'Add a record to the table aspnet_UsersInRoles to document the role category of this user
' Have we JUST reached the Complete step?
If NewUserWizard.ActiveStep.Title = "Complete" Then
Dim RoleID As Guid = New Guid(DropDownChooseRole.SelectedValue)
' Insert the UsersInRoles record for this user
' Get the UserId of the just-added user
Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName)
Dim newUserId As Guid = DirectCast(newUser.ProviderUserKey, Guid)
' Insert a new record into UsersInRoles
Dim connectionString As String = ConfigurationManager.ConnectionStrings("lucidequipmentConnectionString").ConnectionString
Dim updateSql As String = "INSERT INTO aspnet_UsersInRoles(userID, RoleID) VALUES(@UserId, @RoleID)"
Using myConnection As New SqlConnection(connectionString)
myConnection.Open()
Dim myCommand As New SqlCommand(updateSql, myConnection)
myCommand.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = newUserId
myCommand.Parameters.Add("@RoleID", SqlDbType.UniqueIdentifier).Value = RoleID
myCommand.ExecuteNonQuery()
myConnection.Close()
End Using
End If
End Sub
End ClassHere's the verify stuff (and again, I just went this route to break us the code; I don't really need email verification)
Imports System.Text.RegularExpressions
Partial Class Verify
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'Make sure that a valid querystring value was passed through
If String.IsNullOrEmpty(Request.QueryString("ID")) OrElse Not Regex.IsMatch(Request.QueryString("ID"), "[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}") Then
InformationLabel.Text = "An invalid ID value was passed in through the querystring."
Else
'ID exists and is kosher, see if this user is already approved
'Get the ID sent in the querystring
Dim userId As Guid = New Guid(Request.QueryString("ID"))
'Get information about the user
Dim userInfo As MembershipUser = Membership.GetUser(userId)
If userInfo Is Nothing Then
'Could not find user!
InformationLabel.Text = "The user account could not be found in the membership database."
Else
'User is valid, approve them
userInfo.IsApproved = "True"
Membership.UpdateUser(userInfo)
'Display a message
InformationLabel.Text = "Your account has been verified and you can now log into the site."
End If
End If
End Sub
End ClassHere's the aspx file
<%@ Page Language="VB" MasterPageFile="~/MasterPages/FrontEnd.master" AutoEventWireup="false" CodeFile="Verify.aspx.vb" Inherits="Verify" title="Untitled Page" %>
<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
<asp:Panel runat="server">
<h2>
Verify Your Account
</h2>
<p>
<asp:Label ID="InformationLabel" runat="server"></asp:Label>
</p>
</asp:Panel>
</asp:Content>ASKER
The error message shown to user is that there is a username/password problem. It's not w/ the IsApproved or LockedOut state.
The puzzle is that the forgot password and change password routines are fine. A new password can be created which sails acceptably through the login process. What's different about those routines and the register routine in creating the password?
The puzzle is that the forgot password and change password routines are fine. A new password can be created which sails acceptably through the login process. What's different about those routines and the register routine in creating the password?
Can you try adding the Login_Error event handler to display specific error like shown in this article.
ASKER
Been there, seen that, done that. The code is already in my app. It says the error is in the login credentials
ASKER
I think I have it working, but not totally sure why.
That article to which you referred me, Part 4 of the series from 4Guys, has been my model for this all along, but somewhere along the way I got too fancy. I went back to his simpler code for the createuser module, added what I needed for roles, and bingo, with a few fixes it was working.
Now I'm going to look at what I lopped out, a lot of the createuserwizard properties and the regex stuff primarily, to see what made it break. I didn't touch web.config or all the hashing code properties there.
I'll report back.
That article to which you referred me, Part 4 of the series from 4Guys, has been my model for this all along, but somewhere along the way I got too fancy. I went back to his simpler code for the createuser module, added what I needed for roles, and bingo, with a few fixes it was working.
Now I'm going to look at what I lopped out, a lot of the createuserwizard properties and the regex stuff primarily, to see what made it break. I didn't touch web.config or all the hashing code properties there.
I'll report back.
ASKER
We have this narrowed down considerably, though still not solved. Very close.
I have two register.aspx pages, each with code behind. One is my work, modified through the last several days. The other is closely modeled on the downloads from 4guys. The latter works, and mine doesn't. The Login file and the web.config are the same for both cases.
I am still unable to pinpoint the difference between them. The code-behinds are identical except for the name of the class, which I don't think is significant. Each matches the field in the corresponding html file.
The big difference is a content template for field validation in the createuserwizardstep. I want it to help users fill in the registration form. Here are the four files. Can you see what's making one work and the other break?
My code is the pair of register files. The 4Guys version is the pair of register3 files, modified for my app.
register.aspx
I have two register.aspx pages, each with code behind. One is my work, modified through the last several days. The other is closely modeled on the downloads from 4guys. The latter works, and mine doesn't. The Login file and the web.config are the same for both cases.
I am still unable to pinpoint the difference between them. The code-behinds are identical except for the name of the class, which I don't think is significant. Each matches the field in the corresponding html file.
The big difference is a content template for field validation in the createuserwizardstep. I want it to help users fill in the registration form. Here are the four files. Can you see what's making one work and the other break?
My code is the pair of register files. The 4Guys version is the pair of register3 files, modified for my app.
register.aspx
ASKER
One thing you are missing is ValidationGroup.
Add ValidationGroup="NewUserWi
Add ValidationGroup="NewUserWi
ASKER
Made the addition to six required field validators and one compare validator, but still not working.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You found it! Now working. Good catch. You deserve double points; this one had me baffled, but I learned a lot while getting it fixed
ASKER
Great persistence
That thing was buried in between the Styles so was overlooked.
Side-note: You will still need to keep that ValidationGroup="NewUserWi
Side-note: You will still need to keep that ValidationGroup="NewUserWi
ASKER
I've left it in. I'm compiling now and moving to the AWS server.
ASKER
up and running at 54.235.245.110
I was able to register without meeting all the password conditions - could this be a clue?
BTW: as a logged-in user and I click the register button this occurs:
Open in new window