Thanks everyone for your feedback and bug reports, we have tried to patch as many bugs as possible and done some very significant changes to the Courier Core to solve as many of the big issues as possible.
This version still has a problem if you are using a custom membership provider. We've worked with Paul and Casey from Umbraco to get this fixed, but it seems this fix didnt make it in this release.
If you are using a membership provider other than default, this version will not work. You will get an authentication error when trying to view your other locations.
I believe, atleast based on info from Casey, that a fix is included in the source, as well as instructions in the courier.config file + in the install and config documentation
That did allow Courier to work, thank you. However, I'm concerned that we are forced to use a clear password in our config file. Why cant we use a hashed password at least? I was told Courier already hashes the password, so the password would come over to the other location double hashed?
What changed between 2.1 and 2.5 to break this? We have always used User 0 without problems. We have User 0's password hashed in the database and is the same in AD. We are forcing hashed passwords in the web.config. I was told I could get around this by changing the password in the database to clear and changing the web.config, but this brings us back to the security concern of having clear passwords. This sounds like a hashed password issue that became broken in this version.
Could you get ahold of me on per at umbraco.com so we can go through your membership needs and see how we can make a secure solution that works with your provider
Courier 2.5 has been released
Thanks everyone for your feedback and bug reports, we have tried to patch as many bugs as possible and done some very significant changes to the Courier Core to solve as many of the big issues as possible.
I've posted the details on the umbraco.com blog:
http://umbraco.com/follow-us/blog-archive/2011/11/15/courier-25-released.aspx
This version still has a problem if you are using a custom membership provider. We've worked with Paul and Casey from Umbraco to get this fixed, but it seems this fix didnt make it in this release.
If you are using a membership provider other than default, this version will not work. You will get an authentication error when trying to view your other locations.
Hi Alex
I believe, atleast based on info from Casey, that a fix is included in the source, as well as instructions in the courier.config file + in the install and config documentation
http://nightly.umbraco.org/UmbracoCourier/Installation%20and%20Configuration.pdf
(page 20)
If that does not solve the issue, then let me know and we will investigate and get it fixed for the first maintance update
That did allow Courier to work, thank you. However, I'm concerned that we are forced to use a clear password in our config file. Why cant we use a hashed password at least? I was told Courier already hashes the password, so the password would come over to the other location double hashed?
What changed between 2.1 and 2.5 to break this? We have always used User 0 without problems. We have User 0's password hashed in the database and is the same in AD. We are forcing hashed passwords in the web.config. I was told I could get around this by changing the password in the database to clear and changing the web.config, but this brings us back to the security concern of having clear passwords. This sounds like a hashed password issue that became broken in this version.
Hi Alex
Could you get ahold of me on per at umbraco.com so we can go through your membership needs and see how we can make a secure solution that works with your provider
/Per
is working on a reply...