asp.net Login for new user fails

This is a restatement of my earlier question about password validation, which was never answered despite requesting moderator attention. I have since sharpened the question.

My asp.net application for Lucid Equipment is running at 54.235.245.110. However there is a serious, absolutely repeatable problem when a new user registers, namely the user can't login the first time. Upon using the forgot password mechanism, the user gets a new password and successfully logs in.  The password can be changed to  the original password, and that now works.

I have used breakpoints and SSMS (Membership is a SS table), and determined it is not the IsApproved or LockedOut flags. Neither is the password defective.  The user is created, shows up in the Membership and Users tables, but login doesn't work.

Currently LoginCreatedUser is set to false for my debugging convenience. DisableCreatedUser also set to false to make sure the IsApproved flag is not in the way. I've got error coding in the login form which catches bad passwords and other problems.  Registration is now set up to send the new user an email with a link to validate the new user is really a person, so when you test, use a valid email. I am currently allowing reuse of email addresses for testing purposes.  I've worked over web.config too.

Please demonstrate the problem for yourself and then let me know what code you would like to see.
Mark KleinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PortletPaulfreelancerCommented:
The symptom you describe I experienced, but can't offer much I'm afraid.
I was able to register without meeting all the password conditions - could this be a clue?

BTW: as a logged-in user and I click the register button this occurs:
Server Error in '/' Application.

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 


[NullReferenceException: Object reference not set to an instance of an object.]
   BasePage.LogActivity(String action) +280
   System.Web.UI.Control.LoadRecursive() +70
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3063

Open in new window

0
Kamal KhaleefaInformation Security SpecialistCommented:
hi
i register in your site and i enter a password of 6 length and it accept it without showing an  error also it ask me to select my Role

maybe you are missing some thing  in the login part
0
Mark KleinAuthor Commented:
I have added a regex validator to the registration form, now requiring 8 chars, upper and lower case, and number or special character. I still have the original problem.  Since I believe I'm properly trapping IsApproved and LockedOut cases, all that seems to be left is password. I've also checked that the web.config includes the application name
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Mark KleinAuthor Commented:
when you experiment, please preface your user name with "ee" so I can distinguish testers from users
0
Mark KleinAuthor Commented:
Further investigation shows that Membership.validateuser returns false upon first login, but not subsequently.  I have explicitly set the hashedalgorithmType=SHA1 and also the machine key, in the web.config file.  Still not working.
0
Mark KleinAuthor Commented:
My latest theory: I know that IsApproved and LockedOut are properly set. Debugging shows that the username and password are properly entered in the login form, yet generate an error when compared w/ what is in the membership table.

I believe that the hashing algorithm used by createuserwizard is different than that used by Login control, causing the mismatch error. The reason that the changed password works is that its entry form uses the same encoding as login uses upon retrieval.  It's a theory.

I've tried setting machine key and membership both to SHA1 and the asp.net 4.0 default of HMACSHA1
0
guru_samiCommented:
Can you share your membership/roles settings from your web.config.
0
Mark KleinAuthor Commented:
absolutely! Here's a chunk of current web.config settings.  Ask for more if  you need it.

<system.web>
      <machineKey validation="HMACSHA256" validationKey="AutoGenerate,IsolateApps" />
      <roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
      cookieTimeout="45" defaultProvider="SqlRoleProvider">
      <providers>
        <add 
          connectionStringName="SqlRoleManagerConnection" 
          applicationName="website3"
          name="SqlRoleProvider" 
          type="System.Web.Security.SqlRoleProvider"
         />
      </providers>
    </roleManager>
    <authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH"/>
    </authentication>
    <authorization>
      <allow users="?"/>
      <allow roles="admin"/>
    </authorization>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="45" hashAlgorithmType="HMACSHA256">
      <providers>
        <clear/>  
        <add 
          connectionStringName="lucidequipmentConnectionString" 
          applicationName="Website3"
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Hashed"
          minRequiredPasswordLength="8"
          minRequiredNonalphanumericCharacters="1"
          passwordStrengthRegularExpression=""
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider"
          />
      </providers>
    </membership>

Open in new window

0
guru_samiCommented:
Since you are doubting the hashalgorithm type, can you do a test on it by using the following when you register and login:
Response.Write (Membership.HashAlgorithmType);

Open in new window

Check this.
-In addition do you see one or two user with the same name in the aspnet_Users table?
Note: I never received the forgot password reset email though.
0
Mark KleinAuthor Commented:
Thanks for the participation; I really appreciate the help.

HashAlgorithm shows as HMACSHA256 in my development environment (LocalHost) when I  inserted your suggestion in the page load sub. The version running on the external server (Amazon Web Services) is still set to SHA1, the earlier default.  No difference in behavior between the two machines.

AWS was running slowly yesterday, which may account for the reset email not getting through, though this function has been running flawlessly at AWS.  Pls try that again.
0
guru_samiCommented:
Yes, I received the email later...
- Can you make sure MembershipProvider property of your CreateUserWizard is not set to something else? Or try setting it explicity to "SqlProvider"
- Also can you make sure there aren't two users with same username in the aspnetUsers table
0
Mark KleinAuthor Commented:
There was no explicit setting for MembershipProvider so I set it as you suggested, to no effect.
I'll check the user table for dups as soon as I return from a doc appointment.  Stay tuned
0
guru_samiCommented:
One more thing to try:
- Remove the hashAlgorithmType from the membership element in web.config
- Then explicitly set the machine key. Use this to generate the machineKey.
0
Mark KleinAuthor Commented:
Still not working.

-removed hashAlgType
-set machine key
relevant part of web.config shown here

 <system.web>
      <machineKey validationKey="3E3C24851E646855E1285A06AB30FE91DE844D308F68A23B59EDEB57B9F7C6A771649B6878920F987CCDD47E260B8AEDA75DDAC3A15BA87940F03DFAAACB84F4" 
                  decryptionKey="FC872AB0519B047334D0ABE582F54E7960CBDE9D7D2E188329954E13AC99155B" 
                  validation="SHA1" decryption="AES" />
      <roleManager enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES"
      cookieTimeout="45" defaultProvider="SqlRoleProvider">
      <providers>
        <add 
          connectionStringName="SqlRoleManagerConnection" 
          applicationName="website3"
          name="SqlRoleProvider" 
          type="System.Web.Security.SqlRoleProvider"
         />
      </providers>
    </roleManager>
    <authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH"/>
    </authentication>
    <authorization>
      <allow users="?"/>
      <allow roles="admin"/>
    </authorization>
    <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="45">
      <providers>
        <clear/>  
        <add 
          connectionStringName="lucidequipmentConnectionString" 
          applicationName="Website3"
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="true"
          requiresUniqueEmail="false" 
          passwordFormat="Hashed"
          minRequiredPasswordLength="8"
          minRequiredNonalphanumericCharacters="1"
          passwordStrengthRegularExpression=""
          name="SqlProvider" 
          type="System.Web.Security.SqlMembershipProvider"
          />
      </providers>
    </membership>
    <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
    </compilation>
    <customErrors mode="Off"/>
  </system.web>

Open in new window


here's the createuserwizard code

 <asp:CreateUserWizard ID="NewUserWizard" runat="server"
        LoginCreatedUser="false"
        DisableCreatedUser="true"
        MembershipProvider="SqlProvider"
        passwordregularexpression='(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
        passwordregularexpressionerrormessage="Your password must be at least 8 characters long, and contain at least one number or one special character."
        CompleteSuccessText="Your account has been created, but before you can login you must first verify your email address. A message has been sent to the email address you specified. Please check your email inbox and follow the instructions in that email to verify your account."

        ContinueDestinationPageUrl="~/default.aspx" BackColor="#F7F6F3" 
        BorderColor="#E6E2D8" BorderStyle="Solid" BorderWidth="1px" 
        Font-Names="Verdana" Font-Size="0.8em" AutoGeneratePassword="True">
        <ContinueButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" 
            BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" 
            ForeColor="#284775" />
        <CreateUserButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" 
            BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" 
            ForeColor="#284775" />
        <TitleTextStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />
    <WizardSteps>
        <asp:CreateUserWizardStep runat="server" >
            <ContentTemplate>
                <table style="font-family:Verdana;font-size:100%;" align="center">
                    <tr>
                        <td align="right" colspan="2" 
                            style="color:White;background-color:#5D7B9D;font-weight:bold;">
                            Sign Up for Your New Account</td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="UserName" runat="server" ToolTip="Pick a user name"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" 
                                ControlToValidate="UserName" ErrorMessage="User Name is required." 
                                ToolTip="User Name is required.">*</asp:RequiredFieldValidator>
                        </td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="Password" runat="server" Tooltip="Must be at least 8 characters long and must include at least 1 non-alphanumeric character such as @, #, $, %, &" TextMode="Password"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" 
                                ControlToValidate="Password" ErrorMessage="Your password must be 8 characters long, and contain at least one number and one special character."   
                                ToolTip="Password is required.">*</asp:RequiredFieldValidator>
                         </td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="ConfirmPasswordLabel" runat="server" 
                                AssociatedControlID="ConfirmPassword">Confirm Password:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="ConfirmPassword" runat="server" TextMode="Password"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="ConfirmPasswordRequired" runat="server" 
                                ControlToValidate="ConfirmPassword" 
                                ErrorMessage="Confirm Password is required." 
                                ToolTip="Confirm Password is required.">*</asp:RequiredFieldValidator>
                        </td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="EmailLabel" runat="server" AssociatedControlID="Email">E-mail:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="Email" runat="server"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="EmailRequired" runat="server" 
                                ControlToValidate="Email" ErrorMessage="E-mail is required." 
                                ToolTip="E-mail is required.">*</asp:RequiredFieldValidator>
                        </td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="QuestionLabel" runat="server" AssociatedControlID="Question">Security Question:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="Question" runat="server" ToolTip="For example, 'favorite team'"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="QuestionRequired" runat="server" 
                                ControlToValidate="Question" ErrorMessage="Security question is required." 
                                ToolTip="Security question is required.">*</asp:RequiredFieldValidator>
                        </td>
                    </tr>
                    <tr>
                        <td align="right">
                            <asp:Label ID="AnswerLabel" runat="server" AssociatedControlID="Answer">Security Answer:</asp:Label>
                        </td>
                        <td align="right">
                            <asp:TextBox ID="Answer" runat="server"></asp:TextBox>
                            <asp:RequiredFieldValidator ID="AnswerRequired" runat="server" 
                                ControlToValidate="Answer" ErrorMessage="Security answer is required." 
                                ToolTip="Security answer is required.">*</asp:RequiredFieldValidator>
                        </td>
                    </tr>
                    <tr>
                        <td align="right" colspan="2">
                            <asp:CompareValidator ID="PasswordCompare" runat="server" 
                                ControlToCompare="Password" ControlToValidate="ConfirmPassword" 
                                Display="Dynamic" 
                                ErrorMessage="The Password and Confirmation Password must match.">
                            </asp:CompareValidator>
                            <asp:RegularExpressionValidator 
                                ID="RegularExpressionValidator1" runat="server" 
                                ControlToValidate="Password"
                                Display="Dynamic"
                                validationExpression='(?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
                                ErrorMessage="Your password must be at least 8 characters long, contain upper and lower case letters, and at least one number or one special character.">
                            </asp:RegularExpressionValidator>            

                        </td>
                    </tr>
                    <tr>
                        <td align="right" colspan="2" style="color:Red;">
                            <asp:Literal ID="ErrorMessage" runat="server" EnableViewState="False"></asp:Literal>
                        </td>
                    </tr>
                </table>
            </ContentTemplate>
        </asp:CreateUserWizardStep>

        <asp:WizardStep ID="GetRole" runat="server">
           <asp:Label ID="chooseRole" runat="server" 
                Text="Choose Role">
            </asp:Label>
            <asp:DropDownList ID="DropDownChooseRole" runat="server" 
                DataSourceID="LinqDataSource1" DataTextField="RoleName" 
                DataValueField="RoleID" AutoPostBack="True">
            </asp:DropDownList>
        </asp:WizardStep>

        <asp:CompleteWizardStep ID="completeWizardStep1" runat="server" Title="Complete">
         <ContentTemplate>
                        <table border="0" style="font-size: 100%; font-family: Verdana" id="TABLE1" >
                            <tr>
                                <td align="center" colspan="2" style="font-weight: bold; color: white; background-color: #5d7b9d; height: 18px;">
                                    Complete</td>
                            </tr>
                            <tr>
                                <td>
                                    Your account has been successfully created.
                                    You will shortly receive an email asking you to verify your email address.
                                    You will not be able to login until you complete the verification process.<br />
                                    <br />
                                   </tr>
                            <tr>
                                <td align="right" colspan="2">
                                    &nbsp;<asp:Button ID="ContinueButton" runat="server" BackColor="#FFFBFF" BorderColor="#CCCCCC"
                                        BorderStyle="Solid" BorderWidth="1px" CausesValidation="False" CommandName="Continue"
                                        Font-Names="Verdana" ForeColor="#284775" Text="Continue" ValidationGroup="CreateUserWizard1" />
                                </td>
                            </tr>
                        </table>
                    </ContentTemplate>
        </asp:CompleteWizardStep>
    </WizardSteps>
    <MailDefinition BodyFileName="~/RegisteredUsers/EmailTemplates/NewAccountTemplate.htm" 
                From="admin@lucideq.com" IsBodyHtml="True" 
                Subject="Steps to activate your new account..." Priority="High">
    </MailDefinition>
        <HeaderStyle BackColor="#5D7B9D" BorderStyle="Solid" Font-Bold="True" 
            Font-Size="0.9em" ForeColor="White" HorizontalAlign="Center" />
        <NavigationButtonStyle BackColor="#FFFBFF" BorderColor="#CCCCCC" 
            BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" 
            ForeColor="#284775" />
        <SideBarButtonStyle BorderWidth="0px" Font-Names="Verdana" ForeColor="White" />
        <SideBarStyle BackColor="#5D7B9D" BorderWidth="0px" Font-Size="0.9em" 
            VerticalAlign="Top" />
        <StepStyle BorderWidth="0px" />

   </asp:CreateUserWizard>

Open in new window

0
guru_samiCommented:
I am running out of ideas...
- You said in the beginning you have DisableCreatedUser="false" but in code I see  DisableCreatedUser="true"

- What is it that you are doing when someone clicks the activate link in the registration email. Can you share that code?

- Also if you could share your code-behind from CreateUser.
0
Mark KleinAuthor Commented:
I originally left the new user logged in--the "false" setting.  But for my debugging convenience I changed that to true.

Here's the code-behind for CreateUser.  It's my register.aspx.vb file:
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Security
Imports System.Web.UI

Partial Class register

    Inherits BasePage

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        MyBase.LogActivity("Visiting Create Account.")
    End Sub

    Protected Sub NewUserWizard_SendingMail(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.MailMessageEventArgs) Handles NewUserWizard.SendingMail
        MyBase.LogActivity("Creating User Account.")

        'Send an email to the address on file
        Dim userInfo As MembershipUser = Membership.GetUser(NewUserWizard.UserName)

        'Construct the verification URL
        Dim verifyUrl As String = Request.Url.GetLeftPart(UriPartial.Authority) & Page.ResolveUrl("~/RegisteredUsers/Verify.aspx?ID=" & userInfo.ProviderUserKey.ToString())

        'Replace <%VerifyUrl%> placeholder with verifyUrl value
        e.Message.Body = e.Message.Body.Replace("<%VerifyUrl%>", verifyUrl)
    End Sub

    Protected Sub NewUserWizard_CreatedUser(ByVal sender As Object, ByVal e As System.EventArgs) Handles NewUserWizard.CreatedUser
        'This subroutine creates a new record in UserProfiles
        'why is the role set to observer?
        ' Get the UserId of the just-added user
        Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName)
        Dim newUserId As Guid = CType(newUser.ProviderUserKey, Guid)

        'set Observer as the default role
        'the uniqueIdentifier for an observer is "c49fe86b-739b-4992-82c2-74111831c74b"

        Dim observer As Guid = New Guid("c49fe86b-739b-4992-82c2-74111831c74b")

        ' Insert a new record into UserProfiles
        Dim connectionString As String = ConfigurationManager.ConnectionStrings("lucidequipmentConnectionString").ConnectionString
        Dim insertSql As String = "INSERT INTO UserProfiles(UserId, company,address1, address2, city, state, postalCode,country, website, OfficePhone, MobilePhone, RoleId)  VALUES(@UserId, @company, @address1, @address2, @city, @state, @postalCode, @country, @website, @OfficePhone, @MobilePhone, @RoleId)"

        Using myConnection As New SqlConnection(connectionString)
            myConnection.Open()

            Dim myCommand As New SqlCommand(insertSql, myConnection)
            myCommand.Parameters.AddWithValue("@UserId", newUserId)
            myCommand.Parameters.AddWithValue("@company", DBNull.Value)
            myCommand.Parameters.AddWithValue("@address1", DBNull.Value)
            myCommand.Parameters.AddWithValue("@address2", DBNull.Value)
            myCommand.Parameters.AddWithValue("@city", DBNull.Value)
            myCommand.Parameters.AddWithValue("@state", DBNull.Value)
            myCommand.Parameters.AddWithValue("@postalCode", DBNull.Value)
            myCommand.Parameters.AddWithValue("@country", DBNull.Value)
            myCommand.Parameters.AddWithValue("@website", DBNull.Value)
            myCommand.Parameters.AddWithValue("@OfficePhone", DBNull.Value)
            myCommand.Parameters.AddWithValue("@MobilePhone", DBNull.Value)
            myCommand.Parameters.Add("@RoleID", SqlDbType.UniqueIdentifier).Value = observer

            myCommand.ExecuteNonQuery()

            myConnection.Close()
        End Using
    End Sub


    Protected Sub NewUserWizard_ActiveStepChanged(sender As Object, e As System.EventArgs) Handles NewUserWizard.ActiveStepChanged
        'Add a record to the table aspnet_UsersInRoles to document the role category of this user
        ' Have we JUST reached the Complete step?
        If NewUserWizard.ActiveStep.Title = "Complete" Then

            Dim RoleID As Guid = New Guid(DropDownChooseRole.SelectedValue)
            ' Insert the UsersInRoles record for this user
            ' Get the UserId of the just-added user
            Dim newUser As MembershipUser = Membership.GetUser(NewUserWizard.UserName)
            Dim newUserId As Guid = DirectCast(newUser.ProviderUserKey, Guid)

            ' Insert a new record into UsersInRoles
            Dim connectionString As String = ConfigurationManager.ConnectionStrings("lucidequipmentConnectionString").ConnectionString
            Dim updateSql As String = "INSERT INTO aspnet_UsersInRoles(userID, RoleID) VALUES(@UserId, @RoleID)"

            Using myConnection As New SqlConnection(connectionString)
                myConnection.Open()

                Dim myCommand As New SqlCommand(updateSql, myConnection)
                myCommand.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = newUserId
                myCommand.Parameters.Add("@RoleID", SqlDbType.UniqueIdentifier).Value = RoleID

                myCommand.ExecuteNonQuery()
                myConnection.Close()
            End Using
        End If
    End Sub
End Class

Open in new window


Here's the verify stuff (and again, I just went this route to break us the code; I don't really need email verification)

Imports System.Text.RegularExpressions

Partial Class Verify
    Inherits System.Web.UI.Page


    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'Make sure that a valid querystring value was passed through
        If String.IsNullOrEmpty(Request.QueryString("ID")) OrElse Not Regex.IsMatch(Request.QueryString("ID"), "[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}") Then
            InformationLabel.Text = "An invalid ID value was passed in through the querystring."
        Else
            'ID exists and is kosher, see if this user is already approved
            'Get the ID sent in the querystring
            Dim userId As Guid = New Guid(Request.QueryString("ID"))

            'Get information about the user
            Dim userInfo As MembershipUser = Membership.GetUser(userId)
            If userInfo Is Nothing Then
                'Could not find user!
                InformationLabel.Text = "The user account could not be found in the membership database."
            Else
                'User is valid, approve them
                userInfo.IsApproved = "True"
                Membership.UpdateUser(userInfo)

                'Display a message
                InformationLabel.Text = "Your account has been verified and you can now log into the site."
            End If
        End If
    End Sub
End Class

Open in new window


Here's the aspx file

<%@ Page Language="VB" MasterPageFile="~/MasterPages/FrontEnd.master" AutoEventWireup="false" CodeFile="Verify.aspx.vb" Inherits="Verify" title="Untitled Page" %>

<asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <asp:Panel runat="server">
    <h2>
        Verify Your Account
    </h2>
    <p>
        <asp:Label ID="InformationLabel" runat="server"></asp:Label>
    </p>
    </asp:Panel>
</asp:Content>

Open in new window

0
Mark KleinAuthor Commented:
The error message shown to user is that there is a username/password problem.  It's not w/ the IsApproved or LockedOut state.

The puzzle is that the forgot password and change password routines are fine.  A new password can be created which sails acceptably through the login process.  What's different about those routines and the register routine in creating the password?
0
guru_samiCommented:
Can you try adding the Login_Error event handler to display specific error like shown in this article.
0
Mark KleinAuthor Commented:
Been there, seen that, done that.  The code is already in my app.  It says the error is in the login credentials
0
Mark KleinAuthor Commented:
I think I have it working, but not totally sure why.
That article to which you referred me, Part 4 of the series from 4Guys, has been my model for this all along, but somewhere along the way I got too fancy.  I went back to his simpler code for the createuser module, added what I needed for roles, and bingo, with a few fixes it was working.

Now I'm going to look at what I lopped out, a lot of the createuserwizard properties and the regex stuff primarily, to see what made it break.  I didn't touch web.config or all the hashing code properties there.

I'll report back.
0
Mark KleinAuthor Commented:
We have this narrowed down considerably, though still not solved. Very close.

I have two register.aspx pages, each with code behind. One is my work, modified through the last several days. The other is closely modeled on the downloads from 4guys.  The latter works, and mine doesn't. The Login file and the web.config are the same for both cases.

I am still unable to pinpoint the difference between them.  The code-behinds are identical except for the name of the class, which I don't think is significant.  Each matches the field in the corresponding html file.

The big difference is a content template for field validation in the createuserwizardstep.  I want it to help users fill in the registration form. Here are the four files.  Can you see what's making one work and the other break?

My code is the pair of register files.  The 4Guys version is the pair of register3 files, modified for my app.
register.aspx
0
Mark KleinAuthor Commented:
0
guru_samiCommented:
One thing you are missing is ValidationGroup.
Add  ValidationGroup="NewUserWizard" to all the Validator Controls in the CreateUserWizard
0
Mark KleinAuthor Commented:
Made the addition to six required field validators and one compare validator, but still not working.
0
guru_samiCommented:
This is the culprit: AutoGeneratePassword="True"
Remove that.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark KleinAuthor Commented:
You found it!  Now working. Good catch.  You deserve double points; this one had me baffled, but I learned a lot while getting it fixed
0
Mark KleinAuthor Commented:
Great persistence
0
guru_samiCommented:
That thing was buried in between the Styles so was overlooked.
Side-note: You will still need to keep that ValidationGroup="NewUserWizard" as without it your CUW was bypassing the validation.
0
Mark KleinAuthor Commented:
I've left it in.  I'm compiling now and moving to the AWS server.
0
Mark KleinAuthor Commented:
up and running at 54.235.245.110
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.