ASP.NET Membership.ValidateUser() always return "false" [duplicate]
Asked Answered
D

2

6

Here is my web.config:

<membership defaultProvider="CustomizedMembershipProvider">
  <providers>
    <clear />
    <add name="CustomizedMembershipProvider" 
         connectionStringName="MYbdName" 
         applicationName="/" type="System.Web.Security.SqlMembershipProvider" 
         requiresQuestionAndAnswer="false" 
         passwordFormat="Clear" 
         enablePasswordRetrieval="true" 
         requiresUniqueEmail="true" 
         minRequiredPasswordLength="4" 
         minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>

I even hardcoded the username and password:

 bool b = Membership.ValidateUser("[email protected]", "pass123");

When i perform a select on database i get the correct user.

User isAproved = true

User isLockedout = 0

Diageotropism answered 28/2, 2014 at 14:42 Comment(0)
V
10

You need to set the applicationName property when configuring ASP.NET 2.0 Membership and other Providers. In your web.config, it's missing:

<membership defaultProvider="CustomizedMembershipProvider">
  <providers>
    <clear />
    <add name="CustomizedMembershipProvider" 
         connectionStringName="MYbdName" 
         applicationName="/"   <----------   Missing applicationName
         type="System.Web.Security.SqlMembershipProvider" 
         requiresQuestionAndAnswer="false" 
         passwordFormat="Clear" 
         enablePasswordRetrieval="true" 
         requiresUniqueEmail="true" 
         minRequiredPasswordLength="4" 
         minRequiredNonalphanumericCharacters="0" /> 
  </providers>
</membership>

You can try to get the value here

public bool Login(string userName, string password)
{
    var provider = Membership.Provider;
    string name = provider.ApplicationName; // Get the application name here

    return Membership.ValidateUser(userName, password);
}

or open up the aspnet_Users and aspnet_Applications tables within the ASPNETDB database and figure out what application name was used when creating the users and other data during development (look in the aspnet_Application table to work this out).

Then correctly set the property in your web.cofig:

<membership defaultProvider="CustomizedMembershipProvider">
      <providers>
        <clear />
        <add name="CustomizedMembershipProvider" 
             connectionStringName="MYbdName" 
             applicationName="MyAppName"   <----------   correct
             type="System.Web.Security.SqlMembershipProvider" 
             requiresQuestionAndAnswer="false" 
             passwordFormat="Clear" 
             enablePasswordRetrieval="true" 
             requiresUniqueEmail="true" 
             minRequiredPasswordLength="4" 
             minRequiredNonalphanumericCharacters="0" /> 
      </providers>
    </membership>

For more details, read this article from Scott-Gu's blog.

Vidavidal answered 28/2, 2014 at 15:6 Comment(0)
I
1

For other people having this issue, also make sure you are using the same machine key across projects that was used when creating/saving the user passwords:

<machineKey validationKey="x" decryptionKey="x" validation="SHA1" decryption="AES" />

More info here: https://msdn.microsoft.com/en-us/library/ff649308.aspx

Infrangible answered 8/7, 2015 at 3:36 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.