Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Membership.ValidateUser always return false on IIS

Membership.ValidateUser methods works on development server both(iis express and cassini). But on my IIS (its publishing as an application on my development machine) It always return false.

Even user is approved,not locked and username and password are correct. There is no trace error. ?

http request 1: davutg-pc:6423/BpmService/Login?userName=abc&password=0035

result 1: < boolean >true< /boolean >

http request 2: davutg-pc/BPM/BpmService/Login?userName=abc&password=0035

result 2 :< boolean > false < /boolean >

Here are my settings

<roleManager enabled="true" defaultProvider="MySQLRoleProvider"/>

<machineKey validationKey="E8B40EEA5A8EFC6F...key" decryptionKey="385..." validation="SHA1" />

<membership defaultProvider="MySQLMembershipProvider"  hashAlgorithmType="SHA1">
  <providers>
    <remove name="MySQLMembershipProvider"  />
    <add type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.5.5.0, Culture=neutral, 
         PublicKeyToken=c5687fc88969c44d"
         name="MySQLMembershipProvider"
         connectionStringName="LocalMySqlServer"
         minRequiredPasswordLength="3"
         minRequiredNonalphanumericCharacters="0"
         requiresUniqueEmail="false"
         requiresQuestionAndAnswer="false"
         passwordFormat="Encrypted"/>

I compared machine.configs are the same Framework 64 and Framework.

It works on development server but on IIS always return false. I can query different services with IIS and no such problem.

IN ADDITION: When I enter wrong password "FailedPasswordAttemptCount" increased for development server. But it doesn't change for IIS. What's going wrong with IIS. I just call Membership.ValidateUser(user,pass)

Any suggestion will be appreciated !

like image 987
Davut Gürbüz Avatar asked Feb 12 '13 08:02

Davut Gürbüz


1 Answers

Solved! Hope this will save someone's time.

The problem was the application name.

host:port/Service

host/BPM/Service

note:BPM is applicaton name you give it on IIS.

Membership encryption algorithm uses "ApplicatonName". When I setup applicaton I used BPM as application name. on development server the "name" return "/". But its "BPM" on IIS !

All my old passwords was generated with "/" appliacion name. So always provide an application Name. Read this article from Scott-Gu 's blog.

    public bool Login(string userName,string password)
    {
        var provider = Membership.Provider;
        string name = provider.ApplicationName;

        return Membership.ValidateUser(userName, password);
    }

//Wrong one

      <membership>
        <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System...bla bla"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
                requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression=""
                applicationName="/" //Wrong
            />
         </providers>
    </membership>

//Right one

          <membership>
                <providers>
                <clear/>
            <add name="AspNetSqlMembershipProvider"
                type="System.Web.Security.S.. bla bla"
                connectionStringName="LocalSqlServer"
                enablePasswordRetrieval="false"
                enablePasswordReset="true"
                requiresQuestionAndAnswer="true"
                requiresUniqueEmail="false"
                passwordFormat="Hashed"
                maxInvalidPasswordAttempts="5"
                minRequiredPasswordLength="7"
                minRequiredNonalphanumericCharacters="1"
                passwordAttemptWindow="10"
                passwordStrengthRegularExpression=""
                applicationName="MyAPPNAME" //Well :)
            />
         </providers>
    </membership>
like image 182
Davut Gürbüz Avatar answered Nov 09 '22 18:11

Davut Gürbüz