Solved

asp.net validateuser failure

Posted on 2010-09-01
1
338 Views
Last Modified: 2012-05-10
On my site I am able to register a user using createuserwizard with the setting 'LoginCreatedUser' set to true.  All of this is done successfully.  When I log the user out and use the login control to log user back in.  I am unable to authenticate users.  Continually receive a Failure Message.

I'm using Membership to CreateUser and to ValidateUser but something is being capture differently.  When I'm capturing the username and password fields how are these values compared to data stored in aspnet_Membership table?
HTML:



<asp:Login ID="RMELogin" runat="server" Enabled="true" DisplayRememberMe="true" 

                    FailureText="Login failed please try again.  If problem continues please see Site Admin." 

                    LoginButtonText="Sign In" MembershipProvider="SqlProvider"

                    RememberMeSet="true" UserNameLabelText="Username:" TextBoxStyle-Width="120px"

                    UserNameRequiredErrorMessage="Username is required" TitleText="" 

                    PasswordRequiredErrorMessage="Password is Requird." 

                    Font-Bold="true" ForeColor="White" OnAuthenticate="onAuthenticatedEvent" OnLoggedIn="onLoggedInEvent">

                        <LayoutTemplate>

                            <table cellpadding="1" cellspacing="0" style="border-collapse:collapse;">

                                <tr>

                                    <td>

                                        <table cellpadding="0">

                                            <tr>

                                                <td align="right">

                                                    <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>

                                                </td>

                                                <td>

                                                    <asp:TextBox ID="UserName" runat="server" Width="120px"></asp:TextBox>

                                                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" 

                                                        ControlToValidate="UserName" ErrorMessage="Username is required" 

                                                        ToolTip="Username is required" ValidationGroup="ctl09$RMELogin">*</asp:RequiredFieldValidator>

                                                </td>

                                            </tr>

                                            <tr>

                                                <td align="right">

                                                    <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>

                                                </td>

                                                <td>

                                                    <asp:TextBox ID="Password" runat="server" TextMode="Password" Width="120px"></asp:TextBox>

                                                    <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" 

                                                        ControlToValidate="Password" ErrorMessage="Password is Requird." 

                                                        ToolTip="Password is Requird." ValidationGroup="ctl09$RMELogin">*</asp:RequiredFieldValidator>

                                                </td>

                                            </tr>

                                            <tr>

                                                <td colspan="2">

                                                    <asp:CheckBox ID="RememberMe" runat="server" Checked="True" 

                                                        Text="Remember me next time." />

                                                </td>

                                            </tr>

                                            <tr>

                                                <td align="center" colspan="2" style="color:Red;">

                                                    <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>

                                                </td>

                                            </tr>

                                            <tr>

                                                <td align="right" colspan="2">

                                                    <asp:Button ID="LoginButton" runat="server" CommandName="Login" Text="Sign In" 

                                                        ValidationGroup="ctl09$RMELogin" />

                                                </td>

                                            </tr>

                                        </table>

                                    </td>

                                </tr>

                            </table>

                        </LayoutTemplate>

                        <TextBoxStyle Width="120px" />

                    </asp:Login>



ASPX:

 Protected Sub onAuthenticatedEvent(ByVal sender As Object, ByVal e As EventArgs)

        Dim userNameTB As TextBox = CType(LoginView1.FindControl("RMELogin").FindControl("UserName"), TextBox)

        Dim passwordTB As TextBox = CType(LoginView1.FindControl("RMELogin").FindControl("Password"), TextBox)



        Try

            If Not (Membership.ValidateUser(userNameTB.Text, passwordTB.Text)) Then

                ClientScript.RegisterStartupScript(Me.GetType(), "alert", "<script language='javascript'>alert('Authentication Fail.');</script>")

            End If

        Catch ex As Exception

            ClientScript.RegisterStartupScript(Me.GetType(), "alert", "<script language='javascript'>alert('" + ex.Message + "');</script>")

        End Try





    End Sub



    Protected Sub onLoggedInEvent(ByVal sender As Object, ByVal e As EventArgs)

        ClientScript.RegisterStartupScript(Me.GetType(), "alert", "<script language='javascript'>alert('Inside Logged In');</script>")

        Dim userNameTB As TextBox = CType(LoginView1.FindControl("RMELogin").FindControl("UserName"), TextBox)

        Dim passwordTB As TextBox = CType(LoginView1.FindControl("RMELogin").FindControl("Password"), TextBox)

        Try

            If Not (Request.IsSecureConnection) Then

                changeSSLUrl = ChangetoSecureSite()

            End If



            ClientScript.RegisterStartupScript(Me.GetType(), "alert", "<script language='javascript'>alert('" + User.Identity.Name + "');</script>")

            If Roles.IsUserInRole(User.Identity.Name, "Administrator") Or Roles.IsUserInRole(User.Identity.Name, "Site Admin") Or Roles.IsUserInRole(User.Identity.Name, "Assistant") Then

                redirectUrl = changeSSLUrl.ToString.Replace("Default.aspx", "RME/EntityContentPages/EntityHome.aspx")

            Else

                redirectUrl = changeSSLUrl.ToString.Replace("Default.aspx", "RME/MemberContentPages/MemberHome.aspx")

            End If



            Response.Redirect(redirectUrl)

        Catch ex As Exception

            ClientScript.RegisterStartupScript(Me.GetType(), "alert", "<script language='javascript'>alert('onLoggedInEvent produce the following error:\n" + ex.Message + "');</script>")

        End Try



    End Sub



web.config

 <!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

    <authentication mode="Forms">

      <forms defaultUrl="~/Default.aspx" protection="All" name=".ASPXFORMSAUTH" loginUrl="Default.aspx" slidingExpiration="false"  timeout="10" requireSSL="true"

        cookieless="UseCookies" />

    </authentication>

    <!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->

    <authorization>

      <deny users="?" />

    </authorization>

    <!-- Set HttpCookie's: this setting indicates whether SSL is required-->

    <httpCookies requireSSL="true" />

    <!--Since the 'protection' variable in the Forms tag is set to 'All' then we must set the Machine Key parameters Validation Key to SHA1 -->

    <machineKey validationKey="AutoGenerate" validation="SHA1"/>    

    <!--Memeber ship Class -->

    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">

      <providers>

        <remove name="AspNetSqlProvider" />

        <add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="rmeaspnetdbConnectionString" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed"/>

      </providers>

    </membership>

    <!--Role Management goes here-->

    <roleManager defaultProvider="SqlProvider" enabled="true" cacheRolesInCookie="true" cookieProtection="All">

      <providers>

        <add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="rmeaspnetdbConnectionString"

             applicationName="/" />

      </providers>

    </roleManager>

  </system.web> <!-- Closing System.web inorder to apply location tags -->



  <!-- This section gives the unauthenticated user access to the Default.aspx page only. It is located in the same folder as this configuration file. -->

  <location path="Default.aspx">

    <system.web>

      <authorization>

        <allow users ="*" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the unauthenticated user access to all Account Pages. -->

  <location path="Account">

    <system.web>

      <authorization>

        <allow users ="*" />

      </authorization>

    </system.web>

  </location>

  <location path="ChangePassword.aspx">

    <system.web>

      <authorization>

        <deny users ="?" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the authenticated user access to all of the files that are stored in the Member Content Pages folder.  -->

  <location path="MemberContentPages">

    <system.web>

      <authorization>

        <deny users ="?" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the authenticated user with Role Administrator, Site Admin and Assistant access to all of the files that are stored in the Entity Content Pages folder.  -->

  <location path="EntityContentPages">

    <system.web>

      <authorization>

        <deny users ="?" />

        <deny roles = "Member" />

        <deny roles = "Client" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the authenticated user access to all of the files that are stored in the Content Pages folder.  -->

  <location path="ContentPages">

    <system.web>

      <authorization>

        <deny users ="?" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives authentication to the Administrator role only all of files stored in the Admin Pages folder.  -->

  <location path="AdminPages">

    <system.web>

      <authorization>

        <deny users ="?" />

        <allow roles = "Adminstrator" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the unauthenticated users access to All RME Application.  -->

  <location path="Applications">

    <system.web>

      <authorization>

        <allow users = "*" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives the unauthenticated users access to Scrapbook introduction page.  -->

  <location path="Scrapbook">

    <system.web>

      <authorization>

        <allow users = "*" />

      </authorization>

    </system.web>

  </location>

  <!-- This section gives authenticated users access to Editor and Slideshow.  -->

  <location path="ScrapBookEditor.aspx">

    <system.web>

      <authorization>

        <deny users = "?" />

      </authorization>

    </system.web>

  </location>

  <location path="ScrapbookSlideShow.aspx">

    <system.web>

      <authorization>

        <deny users = "?" />

      </authorization>

    </system.web>

  </location>

  <system.web>  <!-- Re-Open System.web from previous closing  -->

Open in new window

0
Comment
Question by:Robert Treadwell
1 Comment
 

Accepted Solution

by:
Robert Treadwell earned 0 total points
ID: 33587951
I originally did not set e.Authenticated to True, added code all works well.


if Memebership.ValidateUser(username, password) then

          e.Authenticated = True

End If

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WPF - Tooltips for ComboBox items 5 28
Server Error 11 47
SQL Server - SQL field is defined as text 3 27
Need a starter for ETL protocol? 4 33
Naughty Me. While I was changing the database name from DB1 to DB_PROD1 (yep it's not real database name ^v^), I changed the database name and notified my application fellows that I did it. They turn on the application, and everything is working. A …
In this article I will describe the Detach & Attach method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now