Membership.ValidateUser always return false on IIS

Asked 12/2, 2013 at 8:15 Answered 15/2, 2019 at 2:13

Solved iis web-config asp.net-membership cassini

Membership.ValidateUser methods works on development server both(iis express and cassini). But on my IIS (its publishing as an application on my development machine) It always return false.

Even user is approved,not locked and username and password are correct. There is no trace error. ?

http request 1: davutg-pc:6423/BpmService/Login?userName=abc&password=0035

result 1: < boolean >true< /boolean >

http request 2: davutg-pc/BPM/BpmService/Login?userName=abc&password=0035

result 2 :< boolean > false < /boolean >

Here are my settings

<roleManager enabled="true" defaultProvider="MySQLRoleProvider"/>

<machineKey validationKey="E8B40EEA5A8EFC6F...key" decryptionKey="385..." validation="SHA1" />

<membership defaultProvider="MySQLMembershipProvider"  hashAlgorithmType="SHA1">
  <providers>
    <remove name="MySQLMembershipProvider"  />
    <add type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.5.5.0, Culture=neutral, 
         PublicKeyToken=c5687fc88969c44d"
         name="MySQLMembershipProvider"
         connectionStringName="LocalMySqlServer"
         minRequiredPasswordLength="3"
         minRequiredNonalphanumericCharacters="0"
         requiresUniqueEmail="false"
         requiresQuestionAndAnswer="false"
         passwordFormat="Encrypted"/>

I compared machine.configs are the same Framework 64 and Framework.

It works on development server but on IIS always return false. I can query different services with IIS and no such problem.

IN ADDITION: When I enter wrong password "FailedPasswordAttemptCount" increased for development server. But it doesn't change for IIS. What's going wrong with IIS. I just call Membership.ValidateUser(user,pass)

Any suggestion will be appreciated !

Lixiviate answered 12/2, 2013 at 8:15 Comment(0)

Solved! Hope this will save someone's time.

The problem was the application name.

host:port/Service

host/BPM/Service

note:BPM is applicaton name you give it on IIS.

Membership encryption algorithm uses "ApplicatonName". When I setup applicaton I used BPM as application name. on development server the "name" return "/". But its "BPM" on IIS !

All my old passwords was generated with "/" appliacion name. So always provide an application Name. Read this article from Scott-Gu 's blog.

    public bool Login(string userName,string password)
    {
        var provider = Membership.Provider;
        string name = provider.ApplicationName;

        return Membership.ValidateUser(userName, password);
    }

//Wrong one

      <membership>
        <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System...bla bla"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
                requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression=""
                applicationName="/" //Wrong
            />
         </providers>
    </membership>

//Right one

          <membership>
                <providers>
                <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System.Web.Security.S.. bla bla"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
                requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression=""
                applicationName="MyAPPNAME" //Well :)
            />
         </providers>
    </membership>

Lixiviate answered 12/2, 2013 at 9:30 Comment(0)

I also faced this issue and I couldn't fix it for two weeks.

Focus on the creation of the member using CreateUser():

MembershipCreateStatus createStatus;
MembershipUser member = 
Membership.CreateUser(TextBox_username.Text.Replace("'", "''"), 
           TextBox_password.Text.Replace("'", "''"), 
           TextBox_email.Text.Replace("'", "''"), null, null, true, out createStatus);

Check how the CreateUser() function is called. It should be like this.

Ataraxia answered 15/2, 2019 at 2:13 Comment(0)

Recommended topics

Hot tags