SQL Server passwords
I am using the CreateUserWizard for new user signup at www.lucidequipment.com and having problems with passwords. A new user is created, with email, password, and password verification. All seems fine.
However when attempting to login using the newly established credentials, the login fails. Using the 'forgot your password' link, a new password is mailed to the user, as expected. It is a typically long and strong password. Login using the new password is successful. Once a user logs in using the password sent to them by the system, the change password functionality is used to change the pwd back to the more memorable original pwd, the one that failed. Subsequent logins using that memorable pwd, the one that originally failed, are successful.
What is going on here? All passwords we use conform to the SS password policy.Files are attached.
website3-register.aspx.docx
website3-register.vb.docx
However when attempting to login using the newly established credentials, the login fails. Using the 'forgot your password' link, a new password is mailed to the user, as expected. It is a typically long and strong password. Login using the new password is successful. Once a user logs in using the password sent to them by the system, the change password functionality is used to change the pwd back to the more memorable original pwd, the one that failed. Subsequent logins using that memorable pwd, the one that originally failed, are successful.
What is going on here? All passwords we use conform to the SS password policy.Files are attached.
website3-register.aspx.docx
website3-register.vb.docx
ASKER
I am closing this question. I have still not resolved the login issues, but have found other errors that must be fixed first.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for lucideq's comment #a39481425
for the following reason:
The question I posed was not at the heart of the problem. I will repost another, related question.
Accepted answer: 0 points for lucideq's comment #a39481425
for the following reason:
The question I posed was not at the heart of the problem. I will repost another, related question.
ASKER
I would like to reopen this problem and request some help.
Login is still not working. For a long time I thought that the problem might be in the user registration process, where unacceptable passwords were being accepted, and login being stopped b/c of them. I have done a lot of work to debug the registration process. It is certainly improved to the point where when bad passwords are entered upon account setup, they are properly rejected. I am now using passwords of length 7 or more, plus alpha and at least 1 non-alphanumeric. However any attempts to re-login after registration fail.
I still need help.
Login is still not working. For a long time I thought that the problem might be in the user registration process, where unacceptable passwords were being accepted, and login being stopped b/c of them. I have done a lot of work to debug the registration process. It is certainly improved to the point where when bad passwords are entered upon account setup, they are properly rejected. I am now using passwords of length 7 or more, plus alpha and at least 1 non-alphanumeric. However any attempts to re-login after registration fail.
I still need help.
You may want to answer my comment above even it was not helpful. To attract more Experts at this point, you likely will need to request attention of a Moderator who will request you first reply to my message. Therefore, I would just get it out of the way plus it will give other Experts knowledge of what you have tried of my comment and the results, so they know what other suggestions to give you.
ASKER
to my knowledge there is not and never has been any email verification or other email associated with the registration process. Neither is there any redirect to admin sections.
LoginCreatedUser defaults to true. I've set it false to accommodate testing. I want to see account status in Membership and User tables to see if I can catch a hint of what's happening. When it was in the default true state, the new user was logged in, but upon logout could not log back in b/c of password.
One puzzling part of this problem is that when the password is reset, the user has the opportunity then to change the password. Upon changing to the original password, the one that was rejected after logout, it now works.
I've also checked the IsLockedOut status, which is fine.
LoginCreatedUser defaults to true. I've set it false to accommodate testing. I want to see account status in Membership and User tables to see if I can catch a hint of what's happening. When it was in the default true state, the new user was logged in, but upon logout could not log back in b/c of password.
One puzzling part of this problem is that when the password is reset, the user has the opportunity then to change the password. Upon changing to the original password, the one that was rejected after logout, it now works.
I've also checked the IsLockedOut status, which is fine.
Have you debugged/traced the data in the process to ensure that the password is coming across as typed between the user entry and the actual creation? For example, check that there are no extraneous spaces, difference in case, or encryption.
ASKER
The password is stored encrypted in the db, so no, I haven't checked. But I am fairly meticulous about this and am very careful in the data entry.
Besides, this is extremely repeatable: enter a password, create a new account, logout, can't log back in, request a new password, get the new password (long and ugly), log in with it, change password to original entry, and all is ok going forward with the originally chosen password.
It's so repeatable that I don't think it is extraneous spaces, case differences, etc.
Besides, this is extremely repeatable: enter a password, create a new account, logout, can't log back in, request a new password, get the new password (long and ugly), log in with it, change password to original entry, and all is ok going forward with the originally chosen password.
It's so repeatable that I don't think it is extraneous spaces, case differences, etc.
ASKER
I suggest you go to the website at www.lucidequipment.com and try the repeatable process I described in the second paragraph above. During the password change operation, be sure to correctly enter the password that was sent to you and don't blindly accept what's possibly already in the "old password' field.
Okay. I will. I guess I was saying to trace the application to make sure that the registration page was not altering the password in some fashion to add spaces, et cetera. In other words, check if it is possible that the code making the other pages function is not the same code in the registration page; therefore, it always messes up on registration but works every where else.
EDIT: For example, you ask for special characters like &, which the Web page may be converting to HTML entities. Just a thought. Anyway, I am registering account ee_test01 now, so you will know that is my test account.
EDIT: For example, you ask for special characters like &, which the Web page may be converting to HTML entities. Just a thought. Anyway, I am registering account ee_test01 now, so you will know that is my test account.
I just registered and when I click logout, I get:
Therefore, there is a problem in code you need to resolve. It may be contributing to the issue with the password.
NullReferenceException: Object reference not set to an instance of an object.
MyAccount..ctor() +48
ASP.myaccount_aspx..ctor() +55
__ASP.FastObjectFactory_app_web_40tbuhjt.Create_ASP_myaccount_aspx() +52
System.Web.Compilation.BuildResultCompiledType.CreateInstance() +30
System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) +100
System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) +31
System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String requestType, String virtualPath, String path) +37
System.Web.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +346
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155Therefore, there is a problem in code you need to resolve. It may be contributing to the issue with the password.
ASKER
Thanks for walking through this. I appreciate it.
When did you logout? at what point? The registration is set up, as I said earlier, to not log the new registrant in. You have to login, which fails, and request a new password. I haven't seen the error you are reporting, so that is a help, and that's why I was asking at what point in the process you logged out. Were you ever able to actually log in?
Oops, I just realized that you are using the old code, before I changed the LogincreatedUser flag. The code you were using is running on a GoDaddy server; the sql server db is on AWS. I'm in the process of moving the code to AWS too, but have been working in debug mode. I sent you to the old stuff where you are logged in after registering. I'll need to figure out something for you to test.
When did you logout? at what point? The registration is set up, as I said earlier, to not log the new registrant in. You have to login, which fails, and request a new password. I haven't seen the error you are reporting, so that is a help, and that's why I was asking at what point in the process you logged out. Were you ever able to actually log in?
Oops, I just realized that you are using the old code, before I changed the LogincreatedUser flag. The code you were using is running on a GoDaddy server; the sql server db is on AWS. I'm in the process of moving the code to AWS too, but have been working in debug mode. I sent you to the old stuff where you are logged in after registering. I'll need to figure out something for you to test.
The registration logged me in. After I completed the form, it asked me to select an option and click continue. After I click through the process, it took me to a page that had my username at the top with (logout) next to it. I clicked log out, so I could try the login as you said and got the error. After, I saw that I could not login as you said.
ASKER
Thanks. Yes, that is the problem. My plan is to enable the email send function on AWS, complete the transfer of the website code to AWS, and open up the site there for testing. Stay tuned. It will take until the weekend--my day job interferes.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
needed to restate the problem
Is it possible the account is waiting for e-mail verification? i.e., it is disabled. The password reset process likely enables the account because it verifies the e-mail when clicking on the reset password link.
Kevin
P.S. I read on another forum that one issue can be the user is logging in successfully but because the site is redirecting back to admin section where user was created it fails as the newly created user does not have the authority to view admin pages.
If you want every new user creation to auto login, you can try setting the CreateUserWizard.LoginCrea