This is driving me absolutely crazy. I had my membership login working perfectly and some friends arrived so i closed my computer. When i opend up again to start working, it had stopped working and there I am stuck.
Since it was working before, i'm pretty sure everything is hooked up correctly. I've tried the following non-code related troublshooting activities:
Cleared all caches/ cookies/ etc from browser
Restarted IIS
Recycled app pool
Tried in another browser
None of this made any difference... when i log in now, in my code behind it hits the OnLoggedIn function, but Member.IsLoggedOn() returns false.
Also the OnAuthenticate method is hit, but HttpContext.Current.User.Identity.IsAuthenticated returns false.
If i enter an incorrect password, my error message is shown correctly, so it is doing the authentication, its just not creating the session correctly from what i can tell.
Actually now, i'm not sure what i've done, but even correct passwords are giving me the error message. I've tried to create a new user and login with that but it too is failing (incorrect password).
WHAT THE HELL IS GOING ON???
Is there a way to reset everything? There's something seriously wacky going on, and i don't know how to back out of it. Any advice would be greatly appreciated, i'm totally stuck and going slowly insane.
Okay i misunderstood what the OnAuthenticate method does... I've removed that and now it's authenticating correctly (ie: correct password = fail, incorrect password = error).
What i dont get is that the OnLoggedIn method is being called, but the user is not authenticated. Is there something in web.config i need to change? Or IIS?
Here's my UmbracoMembershipProvider declaration in web.config
Okay, problem solved. It was all around the OnLoggedIn event.. turns out this event fires after the user is authenticated, but BEFORE the cookie is written. Therefore, by testing for Member.IsLoggedIn() will return false as the cookie is not yet written.
So to get the user data and react to it at this point, you just have to trust that ASP.Net has authenticated them correctly, and get the member object via a API call like this:
m =Member.GetMemberFromLoginName(ctlLogin.UserName);
Does this open up any security holes? I need to lock down this app as much as possible so any security related advice would be greatly appreciated.
Can't log member in
This is driving me absolutely crazy. I had my membership login working perfectly and some friends arrived so i closed my computer. When i opend up again to start working, it had stopped working and there I am stuck.
Since it was working before, i'm pretty sure everything is hooked up correctly. I've tried the following non-code related troublshooting activities:
Member.IsLoggedOn() returns false.
Okay i misunderstood what the OnAuthenticate method does... I've removed that and now it's authenticating correctly (ie: correct password = fail, incorrect password = error).
This is my login form aspx:
<%@ControlLanguage="C#"AutoEventWireup="true"CodeBehind="LoginForm.ascx.cs"Inherits="BerlinIT.ToolBox.UserControls.PPS.Members.LoginForm"%>
<formid="signinForm"runat="server">
<asp:LoginRenderOuterTable="false"ID="ctlLogin"runat="server" OnLoginError="OnLoginError"onloggedin="OnLoggedIn"RememberMeSet="True"VisibleWhenLoggedIn="False">
<LayoutTemplate>
<divid="txtUsername"class="textbox1 removered">
<%# UsernameText %> : <asp:TextBox ToolTip="<%# UsernameText %>" CssClass="required" ID="Username" runat="server" ClientIDMode="Static" />
</div>
<divid="txtPassword"class="textbox1 removered">
<%# PasswordText %> : <asp:TextBox ToolTip="<%# PasswordText %>" CssClass="required" ID="Password" TextMode="Password" runat="server" ClientIDMode="Static" />
</div>
<asp:ButtonID="btnSignIn"runat="server"CommandName="Login"CssClass="signinbutton"Text="<%# LoginButtonText %>"/>
</LayoutTemplate>
</asp:Login>
<asp:LiteralID="litError"runat="server"/>
</form>
What i dont get is that the OnLoggedIn method is being called, but the user is not authenticated. Is there something in web.config i need to change? Or IIS?
Here's my UmbracoMembershipProvider declaration in web.config
<add name="UmbracoMembershipProvider"type="umbraco.providers.members.UmbracoMembershipProvider"enablePasswordRetrieval="false"enablePasswordReset="false"requiresQuestionAndAnswer="false"defaultMemberTypeAlias="PPSOnlinePrintingCustomer"passwordFormat="Hashed"/>
Also found this, is this likely to cause a problem? what's it there for?
<authentication mode="Forms">
<forms name="yourAuthCookie"loginUrl="login.aspx"protection="All"path="/"/>
</authentication>
UGH i'm not liking this right now. Hoping somebody can help me get it working again.
Okay, problem solved. It was all around the OnLoggedIn event.. turns out this event fires after the user is authenticated, but BEFORE the cookie is written. Therefore, by testing for Member.IsLoggedIn() will return false as the cookie is not yet written.
So to get the user data and react to it at this point, you just have to trust that ASP.Net has authenticated them correctly, and get the member object via a API call like this:
m = Member.GetMemberFromLoginName(ctlLogin.UserName);
Does this open up any security holes? I need to lock down this app as much as possible so any security related advice would be greatly appreciated.
is working on a reply...