Hi Thomas,

Sad to here that you can´t login. What I have seen the last periode is that you can be logged out from the backend if you type your password wrong e.g 5 times in Umbraco 7, don´t know if it´s the same for Umbraco 6.2.1.

What you could try to chek the UmbracoUser table to see if userNoConsole is set to 1 or true for the user that you are trying logging in with, it should be 0 or false. If the column is in the table in Umbraco 6.2.1

You can set maxInvalidPasswordAttempts to a different value for the UsersMembershipProvider in your web.config file. For example maxInvalidPasswordAttempts="15".

It's to prevent hackers from trying millions of passwords trying to guess yours.

Hope this helps,

/Dennis

Hi Dennis,

thanks for the really quick reply. I checked everything you wrote, but still no successful login.
It is not only one user, I tried with two different ones.
Seems like the authentication mechanism does not work properly. I have no idea.
Last thing I did was updating from 6.1.1 to 6.2.1 and running the security fix.

Any other idea where to look for?

Best regards -

Tom 

I just wanted to check the log-Table, but there isn't any entry about a login failure attempt...

Ok, I have the Staging of this website, that is still running in 6.1.6. When I just change the connectionsstring to the database of the live, I can login again - but from another web application. So it has something to do with the 6.2.1 upgrade. But how to fix that? Cannot downgrade to the previews version... and do the upgrade again is also not possible, because I cannot login. :)

Hi Thomas,

Maybe I was not clear enough. try to chek the UmbracoUser table in the database to see if userNoConsole column has the value 1 or true for the user that you are trying logging in with and for other users, it should be 0 or false.

/Dennis

hi. I get you right. Checked this and all users habe the value false.

Hi,

I think Version 6.2.x seems to be the problem.

I made a copy of the web and overwrite 6.2.1 with files from 6.2.0. Same issue.
Then I overwrite the files with 6.1.6 and it worked again.
Any idea where to look for the problem in 6.2.1?
I don't want to fix it this way in the live environment.

Best regards -

Tom

Hi,

We had a similar issue on two 6.2 installations.

The logs seemed to indicate multiple login attempts and now the admin account was permanently locked. The following is a complete solution using other comments, etc...

1. Check the user in [yourDB].dbo.umbracoUser - make sure 'userNoConsole' is set to 'False'
2. Change userPassword to 'justatest'
3. In web config find UmbracoMembershipProvider and UsersMembershipProvider and set passwordFormat to "Clear"
4. Add maxInvalidPasswordAttempts and set its value to 999999 to the UsersMembershipProvider
5. Login as the admin using the password 'justatest' to make sure it works
6. Back in the web config set passwordFormat back to "Hashed" and reduce the maxInvalidPasswordAttempts to 5
7. Now change the admin password in umbraco to the required genuine password.

8. Everything should now work properly!

   <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
   <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" />
   

is working on a reply...