Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Patrick Scott 70 posts 110 karma points c-trib
    Dec 02, 2014 @ 17:49
    Patrick Scott
    0

    error authenticating between 7.1.7 and 7.2 RC

    I am setting up a new project using 7.2 and hoped to connect an old project on 7.1.7 so I cna copy some objects accross. I have useLegacyEncoding set to false for the membership providers on both sites and the same machineKey defined inthe web.config.

    When I try to connect I get the below error abaout not being able to authenticate the user.

    In the courier,config I have tried <user>0</user> as well as enterign the login details but have the same error.Looking inthe database, the hashed passwords look very different, so I assume the hashing algorythm has changed dramatically. 

    Am I missing something? I thought entering the username/password in clear thext in the courier.config should work.

     

    System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> Umbraco.Courier.Core.Exceptions.UnauthorizedClientException: User: testuser could not be authenticated
    at Umbraco.Courier.RepositoryProviders.WebserviceProvider.Security.SecurityHelper.ValidateUser(String login, String password)
    at Umbraco.Courier.RepositoryProviders.WebserviceProvider.Security.Authentication.AuthorizeClient(String login, String password, Boolean cacheAuthResult)
    at Umbraco.Courier.RepositoryProviders.Webservices.Repository.GetAvailableRevisions(String username, String password)
    --- End of inner exception stack trace --- 
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) 
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) 
    at Umbraco.Courier.RepositoryProviders.WebServiceProvider.RepositoryWebservice.GetAvailableRevisions(String username, String password) 
    at Umbraco.Courier.RepositoryProviders.CourierWebserviceRepositoryProvider.GetAvailableRevisions() 
    at Umbraco.Courier.UI.Pages.editRepository.OnInit(EventArgs e) 
    at System.Web.UI.Control.InitRecursive(Control namingContainer) 
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

  • Paul Sterling 718 posts 1534 karma points MVP 8x admin c-trib
    Dec 02, 2014 @ 22:05
    Paul Sterling
    0

    @Patrick -

    I came across that as well and will addres shortly http://issues.umbraco.org/issue/COU-104

    Feel free to add any additional insight or specifics you have.

    -Paul

  • Patrick Scott 70 posts 110 karma points c-trib
    Dec 03, 2014 @ 09:25
    Patrick Scott
    0

    @Paul

    I have got courier working using 7.1.7 on both sites and with useLegacyEncoding = false. I think the trick with this is to have the machineKey entry in the web.config identical. Try http://www.developerfusion.com/tools/generatemachinekey/ to create one. Also, these sites have the same salted password in each database and I use 0 in courier.config.  

    Curiously, I have copied over the salted password from these working sites to the 7.2 site and I can still login to the 7.2 site, so the encryption seems to be working the same. I am going to give it another try today to see what I can find any differences between the two setups.

  • Patrick Scott 70 posts 110 karma points c-trib
    Dec 03, 2014 @ 10:38
    Patrick Scott
    0

    Good news, I've just managed to get it working.

    It started working after I recycled both app pools, so I cannot say exactly what fixed it. It was either copying over the hashed password so it was identical in both databases or copying over the courier.config so they were identical. 

    I suspect it was the hashed password as I am using "<user>0</user>" in the courier.config file.

    I must admit I was looking it the wrong database yesterday which is why it got confuising for me. 

  • Paul Sterling 718 posts 1534 karma points MVP 8x admin c-trib
    Dec 03, 2014 @ 20:49
    Paul Sterling
    0

    @patrick 

    For sure its related to the (better) password handling with the newer membership providers.  Courier uses the older methods that essentially do a string compare on the hashed password...which is different on each instance by default now.

    I think the best approach if for us to update the installation documents to highlight this key configuration.

    Thanks for the input.

  • Patrick Scott 70 posts 110 karma points c-trib
    Dec 03, 2014 @ 21:10
    Patrick Scott
    0

    I agree, it may seem clunky copying the hashed password from one database to another, but this seems preferable to putting the login details in plain text in the courier.config. As the passwords are one way hashed, I dont see any other way of doing this.

  • Paul Sterling 718 posts 1534 karma points MVP 8x admin c-trib
    Dec 04, 2014 @ 20:29
    Paul Sterling
    0

    @All

    In order for Courier Auth to work in 6.2+ and 7.1+ you'll need to make sure useLegacyEncoding = true as it is by default.  If you decide to update this setting you should update courier.config to use a specifies username and password.

    The recommended workaround is:
    Set useLegacyEncoding = true and reset the Courier user(s) password. Note: you will need to rest all user passwords if they were created with useLegacyEncoding = false initially.

Please Sign in or register to post replies

Write your reply to:

Draft