mugsey
asked on
MembershipCreateStatus always returns "invalid password" sql membership
Hi I have implemented a custom membership provider that works great. However, createuser method always returns "invalid password" if I don't enter "*********" for the password.
I have tried every combination of web.config but it does not work , help what should be the correct web.config
here is my web.config
<MemberShip defaultProvider="SqlMember ShipProvid er">
<providers>
<add
name="SqlMemberShipProvide r"
type="ExtendedMembership.S qlMemberSh ipProvider , ExtendedMembership"
connectionStringName="Loca lSqlServer "
description="Extended MemberShip API"
/>
</providers>
I want to be able to create a user so they can specify any number of characters for a password, even if its only one letter.
I have tried every combination of web.config but it does not work , help what should be the correct web.config
here is my web.config
<MemberShip defaultProvider="SqlMember
<providers>
<add
name="SqlMemberShipProvide
type="ExtendedMembership.S
connectionStringName="Loca
description="Extended MemberShip API"
/>
</providers>
I want to be able to create a user so they can specify any number of characters for a password, even if its only one letter.
ASKER
THanks but I still get the error "invalid password"
Here is where I override the base initialize, I have commented out where it states
.......................... .......... //if (config.Count > 0)
as it fails if I put the extra attributes in such as minRequiredPasswordLength= "1".
Here is the code
#region Provider Section
private string connectionString;
public override void Initialize(string name, System.Collections.Special ized.NameV alueCollec tion config)
{
if ((config == null) || (config.Count == 0))
throw new ArgumentNullException("You must supply a valid configuration dictionary.");
if (string.IsNullOrEmpty(conf ig["descri ption"]))
{
config.Remove("description ");
config.Add("description", "Custom Membership Provider.");
}
// Let ProviderBase perform the basic initialization
base.Initialize(name, config);
// Perform feature-specific provider initialization here
// Get the connection string
string connectionStringName = config["connectionStringNa me"];
if (String.IsNullOrEmpty(conn ectionStri ngName))
throw new ProviderException("You must specify a connectionStringName attribute.");
ConnectionStringsSection cs = (ConnectionStringsSection) Configurat ionManager .GetSectio n("connect ionStrings ");
if (cs == null)
throw new ProviderException("An error occurred retrieving the connection strings section.");
if (cs.ConnectionStrings[conn ectionStri ngName] == null)
throw new ProviderException("The connection string could not be found in the connection strings section.");
else
connectionString = cs.ConnectionStrings[conne ctionStrin gName].Con nectionStr ing;
if (String.IsNullOrEmpty(conn ectionStri ng))
throw new ProviderException("The connection string is invalid.");
config.Remove("connectionS tringName" );
// Check to see if unexpected attributes were set in configuration
//if (config.Count > 0)
//{
// string extraAttribute = config.GetKey(0);
// if (!String.IsNullOrEmpty(ext raAttribut e))
// throw new ProviderException("The following unrecognized attribute was found in " + Name + "'s configuration: '" + extraAttribute + "'");
// else
// throw new ProviderException("An unrecognized attribute was found in the provider's configuration.");
//}
}
#endregion
Here is where I override the base initialize, I have commented out where it states
..........................
as it fails if I put the extra attributes in such as minRequiredPasswordLength=
Here is the code
#region Provider Section
private string connectionString;
public override void Initialize(string name, System.Collections.Special
{
if ((config == null) || (config.Count == 0))
throw new ArgumentNullException("You
if (string.IsNullOrEmpty(conf
{
config.Remove("description
config.Add("description", "Custom Membership Provider.");
}
// Let ProviderBase perform the basic initialization
base.Initialize(name, config);
// Perform feature-specific provider initialization here
// Get the connection string
string connectionStringName = config["connectionStringNa
if (String.IsNullOrEmpty(conn
throw new ProviderException("You must specify a connectionStringName attribute.");
ConnectionStringsSection cs = (ConnectionStringsSection)
if (cs == null)
throw new ProviderException("An error occurred retrieving the connection strings section.");
if (cs.ConnectionStrings[conn
throw new ProviderException("The connection string could not be found in the connection strings section.");
else
connectionString = cs.ConnectionStrings[conne
if (String.IsNullOrEmpty(conn
throw new ProviderException("The connection string is invalid.");
config.Remove("connectionS
// Check to see if unexpected attributes were set in configuration
//if (config.Count > 0)
//{
// string extraAttribute = config.GetKey(0);
// if (!String.IsNullOrEmpty(ext
// throw new ProviderException("The following unrecognized attribute was found in " + Name + "'s configuration: '" + extraAttribute + "'");
// else
// throw new ProviderException("An unrecognized attribute was found in the provider's configuration.");
//}
}
#endregion
ASKER
I know what the problem is now but I still do not know how to fix it.
You see I am referencing my own membership rovider in my web.config which works create but I use a combination of my own provider and the default one.
Initially I call the defautl createuser method - now this is where I cannot set the attributes in web.config because they are referencing my own provider
See this code snippet below and you will see why,
// Call the default Membership CreateUser method
MembershipUser _mu = Membership.CreateUser(User Name, Password, Email, PasswordQuestion, PasswordAnswer, IsApproved, out status);
if (status != MembershipCreateStatus.Suc cess)
{
return null;
}
// Now since the CreateUser was successful, we will add the additional
// data to our custom table
UserInfo _ui = new UserInfo(_mu.ProviderUserK ey, FirstName, LastName, DateOfBirth, strCominoID,strCCDID,strOr acleID,str TeamID, strTeamName,intDeptID,strD eptName,st rPrincipal OfficerID, strPrincip alOfficerN ame, strMembershipFilter, strTeamUserName, strPOUserName);
if (MemberShip.Provider.Creat eUser(_ui) == true)
return new MemberShipUser(_mu, FirstName, LastName, DateOfBirth, strCominoID, strCCDID, strOracleID, strTeamID, strTeamName, intDeptID, strDeptName, strPrincipalOfficerID, strPrincipalOfficerName, strMembershipFilter, strTeamUserName, strPOUserName);
See what I mean How can I amend the default create user method so it accepts
minRequiredPasswordLength= "1"
minRequiredNonalphanumeric Characters ="0"
You see I am referencing my own membership rovider in my web.config which works create but I use a combination of my own provider and the default one.
Initially I call the defautl createuser method - now this is where I cannot set the attributes in web.config because they are referencing my own provider
See this code snippet below and you will see why,
// Call the default Membership CreateUser method
MembershipUser _mu = Membership.CreateUser(User
if (status != MembershipCreateStatus.Suc
{
return null;
}
// Now since the CreateUser was successful, we will add the additional
// data to our custom table
UserInfo _ui = new UserInfo(_mu.ProviderUserK
if (MemberShip.Provider.Creat
return new MemberShipUser(_mu, FirstName, LastName, DateOfBirth, strCominoID, strCCDID, strOracleID, strTeamID, strTeamName, intDeptID, strDeptName, strPrincipalOfficerID, strPrincipalOfficerName, strMembershipFilter, strTeamUserName, strPOUserName);
See what I mean How can I amend the default create user method so it accepts
minRequiredPasswordLength=
minRequiredNonalphanumeric
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
After re-reading what I posted above, the line: "ASP.NET's default membership provider is added in your machine.config file but you can clear that and add it in your providers section so as to change it's settings for your site." could be mis-interpreted. This does not mean remove it from your machine.config. The "clear" part means, add the <clear /> element in your site's web.config Membership Providers section.
ASKER
Thanks I have tried what you suggested however I get the error
Provider must implement the class ExtendedMembership.MemberS hipProvide r'.
When I use the createuser method
Provider must implement the class ExtendedMembership.MemberS
When I use the createuser method
You have to make sure your custom provider implements the required methods of ExtendedMembership.MemberS hipProvide r.
ASKER
HI Thanks
My custom membership provider works great if I only specify it in web.config as default provider. However if I add the
AspNetSqlMembershipProvide r
then I get the error
I breaks when it hits this code
MembershipCreateStatus status;
_user = MemberShip.CreateUser(txtE mail.Text, txtPassword.Text, etc etc
The above code is using MY OWN CUSTOM PROVIDER, but this in turn calls the default AspNetSqlMembershipProvide r createuser method.
Is it the way I have set it in my web.config?
My custom membership provider works great if I only specify it in web.config as default provider. However if I add the
AspNetSqlMembershipProvide
then I get the error
I breaks when it hits this code
MembershipCreateStatus status;
_user = MemberShip.CreateUser(txtE
The above code is using MY OWN CUSTOM PROVIDER, but this in turn calls the default AspNetSqlMembershipProvide
Is it the way I have set it in my web.config?
ASKER
I have worked out how to do it
I forgot to add the default membership provider in the SECTION key in web.config
I forgot to add the default membership provider in the SECTION key in web.config
ASKER
Hi
I tried your solution TSmooth but it still does not pick up the web.config keys for the default provider, it all works fine, hower I cannot change the defautl values for the asp.net membership
Here is my web.config
<section name="Membership" type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a" allowDefinition="Everywher e" />
<section name="MemberShip" type="ExtendedMembership.M emberShipC onfigurati on, ExtendedMembership" allowDefinition="MachineTo Applicatio n"/>
<providers>
<clear/>
<add name="SqlMemberShipProvide r"
type="ExtendedMembership.S qlMemberSh ipProvider , ExtendedMembership"
applicationName="/"
connectionStringName="Loca lSqlServer "
description="Extended MemberShip API"/>
</providers>
</MemberShip>
<Membership defaultProvider="AspNetSql Membership Provider">
<providers>
<remove name="AspNetSqlMembershipP rovider" />
<add name="AspNetSqlMembershipP rovider"
type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a"
connectionStringName="Loca lSqlServer "
enablePasswordRetrieval="t rue"
enablePasswordReset="true"
requiresQuestionAndAnswer= "false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts ="15"
minRequiredPasswordLength= "1"
minRequiredNonalphanumeric Characters ="0"
passwordAttemptWindow="30"
passwordStrengthRegularExp ression="" />
I tried your solution TSmooth but it still does not pick up the web.config keys for the default provider, it all works fine, hower I cannot change the defautl values for the asp.net membership
Here is my web.config
<section name="Membership" type="System.Web.Security.
<section name="MemberShip" type="ExtendedMembership.M
<providers>
<clear/>
<add name="SqlMemberShipProvide
type="ExtendedMembership.S
applicationName="/"
connectionStringName="Loca
description="Extended MemberShip API"/>
</providers>
</MemberShip>
<Membership defaultProvider="AspNetSql
<providers>
<remove name="AspNetSqlMembershipP
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="t
enablePasswordReset="true"
requiresQuestionAndAnswer=
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="30"
passwordStrengthRegularExp
Ok one thingsI noticed from what you posted above. In your <providers> section, you are <clear/> 'ing it which is deleting the default membership provider, and you never add that one back in. You are only adding in your Extended Membership provider.
ASKER
HI THANKS
This is my latest provider which still produces the same result
<MemberShip defaultProvider="SqlMember ShipProvid er">
<providers>
<clear/>
<add name="SqlMemberShipProvide r"
type="ExtendedMembership.S qlMemberSh ipProvider , ExtendedMembership"
applicationName="/"
connectionStringName="Loca lSqlServer "
description="Extended MemberShip API"/>
</providers>
</MemberShip>
<Membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP rovider" />
<add name="AspNetSqlMembershipP rovider"
type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a"
connectionStringName="Loca lSqlServer "
enablePasswordRetrieval="t rue"
enablePasswordReset="false "
requiresQuestionAndAnswer= "false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts ="15"
minRequiredPasswordLength= "1"
minRequiredNonalphanumeric Characters ="0"
passwordAttemptWindow="30"
passwordStrengthRegularExp ression="" />
</providers>
</Membership>
This is my latest provider which still produces the same result
<MemberShip defaultProvider="SqlMember
<providers>
<clear/>
<add name="SqlMemberShipProvide
type="ExtendedMembership.S
applicationName="/"
connectionStringName="Loca
description="Extended MemberShip API"/>
</providers>
</MemberShip>
<Membership>
<providers>
<clear/>
<remove name="AspNetSqlMembershipP
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="t
enablePasswordReset="false
requiresQuestionAndAnswer=
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="30"
passwordStrengthRegularExp
</providers>
</Membership>
You're still clearing every time and you're using two different membership sections.. move it all into one like so:
<Membership>
<providers>
<clear/>
<add name="SqlMemberShipProvide r"
type="ExtendedMembership.S qlMemberSh ipProvider , ExtendedMembership"
applicationName="/"
connectionStringName="Loca lSqlServer "
description="Extended MemberShip API"/>
<add name="AspNetSqlMembershipP rovider"
type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a"
connectionStringName="Loca lSqlServer "
enablePasswordRetrieval="t rue"
enablePasswordReset="false "
requiresQuestionAndAnswer= "false"
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts ="15"
minRequiredPasswordLength= "1"
minRequiredNonalphanumeric Characters ="0"
passwordAttemptWindow="30"
passwordStrengthRegularExp ression="" />
</providers>
</Membership>
<Membership>
<providers>
<clear/>
<add name="SqlMemberShipProvide
type="ExtendedMembership.S
applicationName="/"
connectionStringName="Loca
description="Extended MemberShip API"/>
<add name="AspNetSqlMembershipP
type="System.Web.Security.
connectionStringName="Loca
enablePasswordRetrieval="t
enablePasswordReset="false
requiresQuestionAndAnswer=
applicationName="/"
requiresUniqueEmail="true"
passwordFormat="clear"
maxInvalidPasswordAttempts
minRequiredPasswordLength=
minRequiredNonalphanumeric
passwordAttemptWindow="30"
passwordStrengthRegularExp
</providers>
</Membership>
ASKER
Thanks a lot but would I have to amend my section elements? They are currently like this
<section name="Membership" type="System.Web.Security. SqlMembers hipProvide r, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a" allowDefinition="Everywher e" />
<section name="MemberShip" type="ExtendedMembership.M emberShipC onfigurati on, ExtendedMembership" allowDefinition="MachineTo Applicatio n"/>
<section name="Membership" type="System.Web.Security.
<section name="MemberShip" type="ExtendedMembership.M
You shouldn't have to change the default machine.config section setups at all, there should be one for membership that looks like this:
<section name="membership" type="System.Web.Configura tion.Membe rshipSecti on, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d 50a3a" allowDefinition="MachineTo Applicatio n" />
<section name="membership" type="System.Web.Configura
ASKER
Hmmm I am wondering if its because I have
section name="Membership" type="System.Web.Security. SqlMembers hipProvide r,
and
section name="MemberShip" type="ExtendedMembership.M emberShipC onfigurati on
Now is it because I have set "Membership" with a capital letter M?
I have posted a similar post here for 500 points
https://www.experts-exchange.com/questions/22797270/AspNetSqlMembershipProvider-always-picking-up-machine-config-settings-not-picking-up-web-config-asp-net-c.html
section name="Membership" type="System.Web.Security.
and
section name="MemberShip" type="ExtendedMembership.M
Now is it because I have set "Membership" with a capital letter M?
I have posted a similar post here for 500 points
https://www.experts-exchange.com/questions/22797270/AspNetSqlMembershipProvider-always-picking-up-machine-config-settings-not-picking-up-web-config-asp-net-c.html
The config files are case sensitive so make sure you are using the right case. Like I said, you should not have to mess with the section names at all from the default values.
ASKER
Thanks
But could you download this simple example using custom membership and see if you can set the web.config to it does not ask for password question and answer?
Its here
http://www.code-magazine.com/Article.aspx?quickid=0703071
But could you download this simple example using custom membership and see if you can set the web.config to it does not ask for password question and answer?
Its here
http://www.code-magazine.com/Article.aspx?quickid=0703071
ASKER
THANKS BUT I HAVE SORTED IT -ALL I NEEDED TO DO WAS TO MOVE THE MEMBERSHIP ELEMENT UNDER SYSTEM.WEB
minRequiredPasswordLength=
minRequiredNonalphanumeric
Note that they are case sensitive attributes of your <add> tag for the membership provider.