0

I searched a lot but cant find how to resolve my problem. I have a asp:Login control to login to CMS system. It worked as a charm for one week, than suddenly i can't log on more. This is happening on same machine, same database.

I made new users, new roles, new everything but it is always written "Your login attempt was not successful. Please try again."

Then I tried to handle LoginError event, like is described here 4guysFromRolla and debugged , but it don't stop on IsLockedOut() or IsApproved(). Even in database table Membership are all IsLockedOut set to false and all IsApproved set to true:

this is web.config section

<compilation debug="true">
<authentication mode="Forms" />
<machineKey decryption="AES" validation="SHA1" decryptionKey="1513F567EE75F7FB5AC0AC4D79E1D9F25430E3E2F1BCDD3370BCFC4EFC97A541" validationKey="32CBA563F26041EE5B5FE9581076C40618DCC1218F5F447634EDE8624508A129"/>
<membership defaultProvider="SimpleCMSSqlMembershipProvider">
  <providers>
    <add name="SimpleCMSSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="SimpleCMS1ConnectionString"
      enablePasswordRetrieval="false"
      enablePasswordReset="true"
      requiresQuestionAndAnswer="true"
      applicationName="/"
      requiresUniqueEmail="false"
      passwordFormat="Hashed"
      maxInvalidPasswordAttempts="5"
      minRequiredPasswordLength="5"
      minRequiredNonalphanumericCharacters="0"
      passwordAttemptWindow="10"
      passwordStrengthRegularExpression=""/>
  </providers>
</membership>

 <connectionStrings>
     <add name="SimpleCMS1ConnectionString" connectionString="Data Source=CENE\SQLEXPRESS;Initial   Catalog=SimpleCMS1;Persist Security Info=True;User ID=SimpleCMSUser;Password="aaaaaa"
       providerName="System.Data.SqlClient" />
     <add name="SimpleCMS1ConnectionString1" connectionString="Data Source=CENE\SQLEXPRESS;Initial Catalog=SimpleCMS1;User ID=sa;Password=aaaaaaaa"
      providerName="System.Data.SqlClient" />
  </connectionStrings>

<roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="SimpleCMS1ConnectionString" applicationName="/"
      name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </providers>
</roleManager>

Have you some advice, thanks

martin
  • 15
  • 2
  • 8

1 Answers1

0

if you use only this line <authentication mode="Forms" /> for authentication setup, then this is probably your issue here. You must have something like:

<authentication mode="Forms">
  <forms name=".klidi" loginUrl="~/login.aspx" protection="All" 
         timeout="10" path="/" requireSSL="true" 
         cookieless="UseCookies" 
         domain="yourdomain.com" enableCrossAppRedirects="false" slidingExpiration="true" />
</authentication>

and not let it randomly work, but set your parametres.

For the requireSSL="true" parametre read this question Can some hacker steal the cookie from a user and login with that name on a web site? . If you leave it true, make sure to use ssl pages or else the login will always fails.

Community
  • 1
  • 1
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • I added this, but no success. I search the net, but find only problems with locked acounts. hmmm. This asp:login control and asp.net configuration seems realy powerful, but seem that can be olso tricky. – martin Feb 02 '13 at 23:10
  • uff, I debuged but not see one empty event IsAutehnticated that was on my login contorol. So this was the casue to login failure, boo thanks anyway – martin Feb 03 '13 at 12:50