Custom ASPNetMembership FailureInformation always null, OnValidatingPassword issue

3

0

As stated here http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.onvalidatingpassword.aspx

"When the ValidatingPassword event has completed, the properties of the ValidatePasswordEventArgs object supplied as the e parameter can be examined to determine whether the current action should be canceled and if a particular Exception, stored in the FailureInformation property, should be thrown."

Here are some details/code that really show why FailureInformation could be null: http://forums.asp.net/t/991002.aspx

According to my Membership settings I should get an exception saying that the password does not match the password security conditions, but that did not happen.

Then I tried to debug the System.Web.ApplicationServices.dll (in .NET 4.0, System.Web.Security is located here) framework code to see what really happens there, but I can't step into this assembly, maybe because of this:

    [TypeForwardedFrom("System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a")]
    public abstract class MembershipProvider : ProviderBase

I can easily step into any other .NET 4.0 assembly, but not into this one. I did check: symbols for System.Web.ApplicationServices.dll are loaded.

Now I have only one idea how to fix it: to override the method OnValidatingPassword(ValidatePasswordEventArgs e).

That's my story.

Maybe someone can help:

1) Any ideas why OnValidatingPassword is not working?

2) Any ideas how to step into it?

Scriven answered 6/1, 2011 at 4:23 Comment(0)
2

I have read this http://forums.asp.net/t/991002.aspx one more time. Here is my solution:

    // Override OnValidatingPassword in the custom provider (needs System and System.Web.Security)
    protected override void OnValidatingPassword(ValidatePasswordEventArgs args)
    {
        // Any logic to process password validation conditions, e.g.:
        if (args.Password.Length < MinRequiredPasswordLength)
            args.FailureInformation = new ArgumentException(String.Format("Password is too short, min password length {0}", MinRequiredPasswordLength));

        if (args.UserName == args.Password)
            args.FailureInformation = new ArgumentException("Password should not be equal to username");

        // Also here could be any logic to throw an exception if needed, e.g.:
        if (args.FailureInformation != null)
            throw args.FailureInformation;

        // Calling base: it only raises the ValidatingPassword event for registered handlers
        base.OnValidatingPassword(args);

        if (args.Cancel)
        {
            // Keep the password itself out of the message: exception text usually ends up in logs
            if (args.FailureInformation == null)
                args.FailureInformation = new ArgumentException("Custom password validation failure");

            throw args.FailureInformation;
        }
    }
Scriven answered 9/1, 2011 at 2:35 Comment(2)
I am confused about this -- what does the base method actually do if you have to do comparisons on the MinRequiredPassword length and other configuration items? - Noahnoak
@Noahnoak my complete implementation contains logic which checks that the password does not contain the user name; the base implementation does not do that, and you are probably right, calling base is not required if I check all the rest of the config values myself. - Scriven
1

You don't have to override the OnValidatingPassword method, but as the documentation says, you need to handle the ValidatingPassword event. Check MembershipValidatePasswordEventHandler.

Use .NET Reflector and inspect the ChangePassword method of the SqlMembershipProvider class. You will see the SqlMembershipProvider doesn't have any handler registered for the ValidatingPassword event.

So what I am thinking is that in your custom membership provider's OnInit you register to Membership.ValidatingPassword and do your coding in the handler. The sample example is in the link above.

Hope I am not misunderstanding your question.

Cloaca answered 6/1, 2011 at 19:37 Comment(3)
The first time I did exactly the same; this code won't validate the password. If the password is wrong, 'this.OnValidatingPassword(e)' didn't add any information about that to 'e.FailureInformation' or set 'e.Cancel' to true. That's why I mentioned that it looks like I need to override it, which is finally what I did. - Scriven
Please don't show disassembled proprietary code on a public forum like SO, since people reading this are not allowed to contribute to ie. Mono mono-project.com/Contributing - Vinificator
Pauli Østerø: Thanks for pointing that out. Never thought source code that has been made public can have viewing restrictions. I have edited my post. - Cloaca
0

Your question seems to indicate you're using a Custom Membership provider? So I assume you're implementing MembershipProvider directly?

    class MyMembershipProvider : MembershipProvider { ... }

In that case, OnValidatingPassword is never automatically called...you have to call it yourself.

So, basically I'm confused. Could you please clarify your setup? Are you using a default membership provider or a custom one? If custom, which class are you inheriting from?

As for looking at the code, you can use Reflector to do it.

Coussoule answered 6/1, 2011 at 17:5 Comment(1)
I am inheriting from MembershipProvider. I did call it myself, but it didn't do anything helpful. - Scriven
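
An added example (not code from any poster on this page) that ties the answers together: the base OnValidatingPassword only raises the ValidatingPassword event, so FailureInformation stays null unless a registered handler sets it, and a provider deriving directly from MembershipProvider has to raise the event and act on the result itself. The names PasswordPolicyHandler, PolicyEnforcingProvider and EnforcePasswordPolicy are hypothetical.

```csharp
using System;
using System.Web.Security;

// Hypothetical handler: this is where Cancel and FailureInformation actually get set.
public static class PasswordPolicyHandler
{
    // Call once at startup (e.g. Application_Start); attaches to the default provider.
    public static void Register()
    {
        Membership.ValidatingPassword += Validate;
    }

    private static void Validate(object sender, ValidatePasswordEventArgs e)
    {
        if (string.Equals(e.UserName, e.Password, StringComparison.OrdinalIgnoreCase))
        {
            e.Cancel = true;
            // The message names the rule, never the password value.
            e.FailureInformation = new ArgumentException("Password must not equal the user name.");
        }
    }
}

// Hypothetical base class for a provider that inherits MembershipProvider directly.
public abstract class PolicyEnforcingProvider : MembershipProvider
{
    // Call from methods such as ChangePassword before the new password is stored.
    protected void EnforcePasswordPolicy(string userName, string password, bool isNewUser)
    {
        // Configured rules are not checked by the base class; check them here.
        if (password == null || password.Length < MinRequiredPasswordLength)
            throw new ArgumentException("Password is shorter than the configured minimum length.");

        var args = new ValidatePasswordEventArgs(userName, password, isNewUser);
        OnValidatingPassword(args); // raises ValidatingPassword; performs no checks itself

        if (!args.Cancel)
            return;

        // A handler may cancel without supplying an exception, so fall back to a generic one.
        throw args.FailureInformation
              ?? new MembershipPasswordException("Password rejected by a validation handler.");
    }
}
```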