SQL Server passwords

I am using the CreateUserWizard for new user signup at www.lucidequipment.com and having problems with passwords. A new user is created, with email, password, and password verification.  All seems fine.

However when attempting to login using the newly established credentials, the login fails. Using the 'forgot your password' link, a new password is mailed to the user, as expected. It is a typically long and strong password. Login using the new password is successful.  Once a user logs in using the password sent to them by the system, the change password functionality is used to change the pwd back to the more memorable original pwd, the one that failed. Subsequent logins using that memorable pwd, the one that originally failed, are successful.  

What is going on here?  All passwords we use conform to the SS password policy.Files are attached.
website3-register.aspx.docx
website3-register.vb.docx
Mark KleinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kevin CrossChief Technology OfficerCommented:
Hi.

Is it possible the account is waiting for e-mail verification? i.e., it is disabled. The password reset process likely enables the account because it verifies the e-mail when clicking on the reset password link.

Kevin

P.S. I read on another forum that one issue can be the user is logging in successfully but because the site is redirecting back to admin section where user was created it fails as the newly created user does not have the authority to view admin pages.

If you want every new user creation to auto login, you can try setting the CreateUserWizard.LoginCreatedUser property to true.
0
Mark KleinAuthor Commented:
I am closing this question.  I have still not resolved the login issues, but have found other errors that must be fixed first.
0
Mark KleinAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for lucideq's comment #a39481425

for the following reason:

The question I posed was not at the heart of the problem.  I will repost another, related question.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Mark KleinAuthor Commented:
I would like to reopen this problem and request some help.

Login is still not working.  For a long time I thought that the problem might be in the user registration process, where unacceptable passwords were being accepted, and login being stopped b/c of them.  I have done a lot of work to debug the registration process.  It is certainly improved to the point where when bad passwords are entered upon account setup, they are properly rejected. I am now using passwords of length 7 or more, plus alpha and at least 1 non-alphanumeric. However any attempts to re-login after registration fail.  

I still need help.
0
Kevin CrossChief Technology OfficerCommented:
You may want to answer my comment above even it was not helpful. To attract more Experts at this point, you likely will need to request attention of a Moderator who will request you first reply to my message. Therefore, I would just get it out of the way plus it will give other Experts knowledge of what you have tried of my comment and the results, so they know what other suggestions to give you.
0
Mark KleinAuthor Commented:
to my knowledge there is not and never has been any email verification or other email associated with the registration process. Neither is there any redirect to admin sections.

LoginCreatedUser defaults to true.  I've set it false to accommodate testing.  I want to see account status in Membership and User tables to see if I can catch a hint of what's happening. When it was in the default true state, the new user was logged in, but upon logout could not log back in b/c of password.

One puzzling part of this problem is that when the password is reset, the user has the opportunity then to change the password.  Upon changing to the original password, the one that was rejected after logout, it now works.

I've also checked the IsLockedOut status, which is fine.
0
Kevin CrossChief Technology OfficerCommented:
Have you debugged/traced the data in the process to ensure that the password is coming across as typed between the user entry and the actual creation? For example, check that there are no extraneous spaces, difference in case, or encryption.
0
Mark KleinAuthor Commented:
The password is stored encrypted in the db, so no, I haven't checked. But I am fairly meticulous about this and am very careful in the data entry.  

Besides, this is extremely repeatable: enter a password, create a new account, logout, can't log back in, request a new password, get the new password (long and ugly), log in with it, change password to original entry, and all is ok going forward with the originally chosen password.

It's so repeatable that I don't think it is extraneous spaces, case differences, etc.
0
Mark KleinAuthor Commented:
I suggest you go to the website at www.lucidequipment.com and try the repeatable process I described in the second paragraph above.  During the password change operation, be sure to correctly enter the password that was sent to you and don't blindly accept what's possibly already in the "old password' field.
0
Kevin CrossChief Technology OfficerCommented:
Okay. I will. I guess I was saying to trace the application to make sure that the registration page was not altering the password in some fashion to add spaces, et cetera. In other words, check if it is possible that the code making the other pages function is not the same code in the registration page; therefore, it always messes up on registration but works every where else.

EDIT: For example, you ask for special characters like &, which the Web page may be converting to HTML entities. Just a thought. Anyway, I am registering account ee_test01 now, so you will know that is my test account.
0
Kevin CrossChief Technology OfficerCommented:
I just registered and when I click logout, I get:
NullReferenceException: Object reference not set to an instance of an object.
MyAccount..ctor() +48
   ASP.myaccount_aspx..ctor() +55
   __ASP.FastObjectFactory_app_web_40tbuhjt.Create_ASP_myaccount_aspx() +52
   System.Web.Compilation.BuildResultCompiledType.CreateInstance() +30
   System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) +100
   System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +31
   System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String requestType, String virtualPath, String path) +37
   System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +346
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Open in new window


Therefore, there is a problem in code you need to resolve. It may be contributing to the issue with the password.
0
Mark KleinAuthor Commented:
Thanks for walking through this.  I appreciate it.

When did you logout? at what point? The registration is set up, as I said earlier, to not log the new registrant in.  You have to login, which fails, and request a new password. I haven't seen the error you are reporting, so that is a help, and that's why I was asking at what point in the process you logged out.  Were you ever able to actually log in?

Oops, I just realized that you are using the old code, before I changed the LogincreatedUser flag. The code you were using is running on a GoDaddy server; the sql server db is on AWS.  I'm in the process of moving the code to AWS too, but have been working in debug mode. I sent you to the old stuff where you are logged in after registering.  I'll need to figure out something for you to test.
0
Kevin CrossChief Technology OfficerCommented:
The registration logged me in. After I completed the form, it asked me to select an option and click continue. After I click through the process, it took me to a page that had my username at the top with (logout) next to it. I clicked log out, so I could try the login as you said and got the error. After, I saw that I could not login as you said.
0
Mark KleinAuthor Commented:
Thanks.  Yes, that is the problem. My plan is to enable the email send function on AWS, complete the transfer of the website code to AWS, and open up the site there for testing. Stay tuned.  It will take until the weekend--my day job interferes.
0
Mark KleinAuthor Commented:
this was eventually solved by posing a different question.  See

http://www.experts-exchange.com/Programming/Languages/.NET/Visual_Basic.NET/Q_28246148.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark KleinAuthor Commented:
needed to restate the problem
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.