We help IT Professionals succeed at work.

MembershipCreateStatus always returns "invalid password" sql membership

mugsey
mugsey asked
on
4,920 Views
Last Modified: 2013-11-05
Hi I have implemented a custom membership provider that works great.  However, createuser method always returns "invalid password" if I don't enter "*********" for the password.

I have tried every combination of web.config but it does not work , help what should be the correct web.config

here is my web.config

      <MemberShip defaultProvider="SqlMemberShipProvider">
            <providers>
                  <add
        name="SqlMemberShipProvider"
        type="ExtendedMembership.SqlMemberShipProvider, ExtendedMembership"
        connectionStringName="LocalSqlServer"
        description="Extended MemberShip API"
        />
            </providers>

I want to be able to create a user so they can specify any number of characters for a password, even if its only one letter.
Comment
Watch Question

Commented:
I don't know how your ExtendedMembership.SqlMembershipProvider has changed things but with the standard SqlMembershipProvider the following settings in your <add> tag affect those things:

minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"

Note that they are case sensitive attributes of your <add> tag for the membership provider.

Author

Commented:
THanks but I still get the error "invalid password"

Here is where I override the base initialize, I have commented out where it states
....................................//if (config.Count > 0)

as it fails if I put the extra attributes in such as minRequiredPasswordLength="1".  

Here is the code

  #region Provider Section
        private string connectionString;
            public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
            {
                  if ((config == null) || (config.Count == 0))
                        throw new ArgumentNullException("You must supply a valid configuration dictionary.");

                  if (string.IsNullOrEmpty(config["description"]))
                  {
                        config.Remove("description");
                        config.Add("description", "Custom Membership Provider.");
                  }

                  // Let ProviderBase perform the basic initialization
                  base.Initialize(name, config);

                  // Perform feature-specific provider initialization here
                  // Get the connection string
                  string connectionStringName = config["connectionStringName"];
                  if (String.IsNullOrEmpty(connectionStringName))
                        throw new ProviderException("You must specify a connectionStringName attribute.");

                  ConnectionStringsSection cs = (ConnectionStringsSection)ConfigurationManager.GetSection("connectionStrings");

                  if (cs == null)
                        throw new ProviderException("An error occurred retrieving the connection strings section.");

                  if (cs.ConnectionStrings[connectionStringName] == null)
                        throw new ProviderException("The connection string could not be found in the connection strings section.");
                  else
                        connectionString = cs.ConnectionStrings[connectionStringName].ConnectionString;

                  if (String.IsNullOrEmpty(connectionString))
                        throw new ProviderException("The connection string is invalid.");

                  config.Remove("connectionStringName");

                  // Check to see if unexpected attributes were set in configuration
            //if (config.Count > 0)
            //{
            //    string extraAttribute = config.GetKey(0);

            //    if (!String.IsNullOrEmpty(extraAttribute))
            //        throw new ProviderException("The following unrecognized attribute was found in " + Name + "'s configuration: '" + extraAttribute + "'");
            //    else
            //        throw new ProviderException("An unrecognized attribute was found in the provider's configuration.");
            //}
        }
        #endregion

Author

Commented:
I know what the problem is now but I still do not know how to fix it.
You see I am referencing my own membership rovider in my web.config which works create but I use a combination of my own provider and the default one.  
Initially I call the defautl createuser method - now this is where I cannot set the attributes in web.config because they are referencing my own provider

See this code snippet below and you will see why,

 // Call the default Membership CreateUser method
            MembershipUser _mu = Membership.CreateUser(UserName, Password, Email, PasswordQuestion, PasswordAnswer, IsApproved, out status);

            if (status != MembershipCreateStatus.Success)
            {
                return null;
            }

            // Now since the CreateUser was successful, we will add the additional
            // data to our custom table
            UserInfo _ui = new UserInfo(_mu.ProviderUserKey, FirstName, LastName, DateOfBirth, strCominoID,strCCDID,strOracleID,strTeamID, strTeamName,intDeptID,strDeptName,strPrincipalOfficerID,strPrincipalOfficerName, strMembershipFilter, strTeamUserName, strPOUserName);
            if (MemberShip.Provider.CreateUser(_ui) == true)
                return new MemberShipUser(_mu, FirstName, LastName, DateOfBirth, strCominoID, strCCDID, strOracleID, strTeamID, strTeamName, intDeptID, strDeptName, strPrincipalOfficerID, strPrincipalOfficerName, strMembershipFilter, strTeamUserName, strPOUserName);



See what I mean  How can I amend the default create user method so it accepts
minRequiredPasswordLength="1"
minRequiredNonalphanumericCharacters="0"
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
After re-reading what I posted above, the line: "ASP.NET's default membership provider is added in your machine.config file but you can clear that and add it in your providers section so as to change it's settings for your site." could be mis-interpreted. This does not mean remove it from your machine.config. The "clear" part means, add the <clear /> element in your site's web.config Membership Providers section.

Author

Commented:
Thanks I have tried what you suggested however I get the error

Provider must implement the class ExtendedMembership.MemberShipProvider'.


When I use the createuser method

Commented:
You have to make sure your custom provider implements the required methods of ExtendedMembership.MemberShipProvider.

Author

Commented:
HI Thanks

My custom membership provider works great if I only specify it in web.config as default provider.  However if I add the

AspNetSqlMembershipProvider

then I get the error

I breaks when it hits this code

             MembershipCreateStatus status;
            _user = MemberShip.CreateUser(txtEmail.Text, txtPassword.Text, etc etc

The above code is using MY OWN CUSTOM PROVIDER, but this in turn calls the default AspNetSqlMembershipProvider createuser method.

Is it the way I have set it in my web.config?

Author

Commented:
I have worked out how to do it

I forgot to add the default membership provider in the SECTION key in web.config

Author

Commented:
Hi

I tried your solution TSmooth but it still does not pick up the web.config keys for the default provider, it all works fine, hower I cannot change the defautl values for the asp.net membership

Here is my web.config

    <section name="Membership" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="Everywhere" />
            <section name="MemberShip" type="ExtendedMembership.MemberShipConfiguration, ExtendedMembership" allowDefinition="MachineToApplication"/>

    <providers>
      <clear/>
      <add name="SqlMemberShipProvider"                      
        type="ExtendedMembership.SqlMemberShipProvider, ExtendedMembership"                
        applicationName="/"
        connectionStringName="LocalSqlServer"
        description="Extended MemberShip API"/>

    </providers>
  </MemberShip>


  <Membership defaultProvider="AspNetSqlMembershipProvider">
    <providers>
      <remove name="AspNetSqlMembershipProvider" />
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="LocalSqlServer"
        enablePasswordRetrieval="true"
        enablePasswordReset="true"
        requiresQuestionAndAnswer="false"
        applicationName="/"
        requiresUniqueEmail="true"
        passwordFormat="clear"
        maxInvalidPasswordAttempts="15"
        minRequiredPasswordLength="1"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="30"
        passwordStrengthRegularExpression="" />

Commented:
Ok one thingsI noticed from what you posted above. In your <providers> section, you are <clear/> 'ing it which is deleting the default membership provider, and you never add that one back in. You are only adding in your Extended Membership provider.

Author

Commented:
HI THANKS

This is my latest provider which still produces the same result

<MemberShip defaultProvider="SqlMemberShipProvider">
    <providers>
      <clear/>
      <add name="SqlMemberShipProvider"                      
        type="ExtendedMembership.SqlMemberShipProvider, ExtendedMembership"                
        applicationName="/"
        connectionStringName="LocalSqlServer"
        description="Extended MemberShip API"/>

    </providers>
  </MemberShip>


  <Membership>
    <providers>
      <clear/>
      <remove name="AspNetSqlMembershipProvider" />
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="LocalSqlServer"
        enablePasswordRetrieval="true"
        enablePasswordReset="false"
        requiresQuestionAndAnswer="false"
        applicationName="/"
        requiresUniqueEmail="true"
        passwordFormat="clear"
        maxInvalidPasswordAttempts="15"
        minRequiredPasswordLength="1"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="30"
        passwordStrengthRegularExpression="" />

    </providers>
  </Membership>

Commented:
You're still clearing every time and you're using two different membership sections.. move it all into one like so:

  <Membership>
    <providers>
      <clear/>
      <add name="SqlMemberShipProvider"                      
        type="ExtendedMembership.SqlMemberShipProvider, ExtendedMembership"                
        applicationName="/"
        connectionStringName="LocalSqlServer"
        description="Extended MemberShip API"/>
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        connectionStringName="LocalSqlServer"
        enablePasswordRetrieval="true"
        enablePasswordReset="false"
        requiresQuestionAndAnswer="false"
        applicationName="/"
        requiresUniqueEmail="true"
        passwordFormat="clear"
        maxInvalidPasswordAttempts="15"
        minRequiredPasswordLength="1"
        minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="30"
        passwordStrengthRegularExpression="" />

    </providers>
  </Membership>

Author

Commented:
Thanks a lot but would I have to amend my section elements?  They are currently like this

<section name="Membership" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="Everywhere" />
            <section name="MemberShip" type="ExtendedMembership.MemberShipConfiguration, ExtendedMembership" allowDefinition="MachineToApplication"/>

Commented:
You shouldn't have to change the default machine.config section setups at all, there should be one for membership that looks like this:

<section name="membership" type="System.Web.Configuration.MembershipSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToApplication" />

Author

Commented:
Hmmm I am wondering if its because I have

section name="Membership" type="System.Web.Security.SqlMembershipProvider,

and

section name="MemberShip" type="ExtendedMembership.MemberShipConfiguration

Now is it because I have set "Membership" with a capital letter M?

I have posted a similar post here for 500 points

https://www.experts-exchange.com/Programming/Languages/C_Sharp/Q_22797270.html



Commented:
The config files are case sensitive so make sure you are using the right case. Like I said, you should not have to mess with the section names at all from the default values.

Author

Commented:
Thanks

But could you download this simple example using custom membership and see if you can set the web.config to it does not ask for password question and answer?

Its here
http://www.code-magazine.com/Article.aspx?quickid=0703071

Author

Commented:
THANKS BUT I HAVE SORTED IT -ALL I NEEDED TO DO WAS TO MOVE THE MEMBERSHIP ELEMENT UNDER SYSTEM.WEB

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.