Why can't I log in as the seeded user?

Question

I'm working on a new ASP.NET MVC project, using individual accounts stored in the database for authentication. Here's my class that will seed the database with sample data every time I test:

public class DevelopmentInitializer : DropCreateDatabaseAlways<ApplicationDbContext>
{
    protected override void Seed(ApplicationDbContext context)
    {
        base.Seed(context);

        var applicationUserManager = new ApplicationUserManager(new UserStore<ApplicationUser>(context));

        var sampleUserOne = new ApplicationUser { UserName = "SampleUser", Email = "[email protected]" };
        var result = applicationUserManager.Create(sampleUserOne, "aaaaaa");

        if (!result.Succeeded) 
            throw new Exception();

        context.SaveChanges();
    }
}

The Login action is as it is in the template:

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.Email, model.Password);
            if (user != null)
            {
                await SignInAsync(user, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

The description of problem is very simple: Trying to log in using the seeded user's credentials fails.

Specifically, the FindAsync method returns null, even though the user is present in the database - FindByEmailAsync does find the seeded user.

However, creating a new account works and allows me to log in.

Why can't I log in as the seeded user, even though I can register a new account and log in using that?

I'm suspecting it has to do with how the passwords are hashed, but I don't know how to confirm this.

Am I seeding the account wrong? Should I not be creating a separate ApplicationUserManager in the Seed method? If not, how should I get one in order to call Create? I'm trying to understand how the new system works, before ending up locked out of my account or the users end up locked out of theirs in a deployed application.

Answer 1

The following code:

var user = await UserManager.FindAsync(model.Email, model.Password);

is expecting the userName to be passed in, not the email address.

This simple change should take care of things:

var user = await UserManager.FindAsync(model.UserName, model.Password);