I've just built my first site with umbraco. Not yet ready for release so in Dev environment. So to start User Acceptance Testing I Have a server with Visual Studio and the built site on, on another server I have an MS SQL database with the database on using a machine key.
After adding a new user for user testing, all logins failed to work including my master. I've tried the following, and checked the DB login with SQL Man, on the IIS server.
Password reset DLL - Doesn't work
Change password to clear - Doesn't Work
Restoring backups of Project and DB - Doesn't work
The DB server I RDPed into it after login issue first appeared and it came up with "Windows has successfully updated", and I forgot to switch rollback on. :( Could it be that?
I just can't bear to start again it's months of work. I think I'm pretty stuffed, can anyone help?
If you add valid SMTP settings in your web.config and set
allowPasswordReset to true in umbracoSettings.config you should be able to reset passwords for all users.
You might be locked out of all of your users though, in the SQL database go to the umbracoUser table and make sure the userNoConsole column it set to 0 for everyone.
Thanks for the response.Yea I've tried that too :( No luck.
Also the App Data Log is not recording failed logins, is there any way to get a proper trace. I guess I am building and running as a proper site under IIS, so I could run it in debug, or attach to process to see what is happening in more detail.
You could at least try to set debug="true" in your web.config to get more detailed errors and in config\log4net.config maybe try temporarily changing the log level to DEBUG instead of INFO - that could give you some more info.
Also, while logging in, open the dev tools in your browser, on the network tab when you click the login button, see what the response from the server is.
and tried doing a app pool recycle as suggested but still same error. Also I've noticed in the database the failed logins is not incrementing.
ExceptionMessage
:
"Index and length must refer to a location within the string.
↵Parameter name: length"
ExceptionType
:
"System.ArgumentOutOfRangeException"
Message
:
"An error has occurred."
StackTrace:
" at System.String.Substring(Int32 startIndex, Int32 length)
↵ at Umbraco.Core.Security.MembershipProviderBase.StoredPassword(String storedString, String& salt)
↵ at Umbraco.Core.Security.MembershipProviderBase.CheckPassword(String password, String dbPassword)
↵ at Umbraco.Core.Security.UserAwareMembershipProviderPasswordHasher.VerifyHashedPassword(BackOfficeIdentityUser user, String hashedPassword, String providedPassword)
↵ at Umbraco.Core.Security.BackOfficeUserManager1.<VerifyPasswordAsync>d__23.MoveNext()
↵--- End of stack trace from previous location where exception was thrown ---
↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
↵ at Microsoft.AspNet.Identity.UserManager2.
I think that is the part where we try to split the seed and the password. Maybe it's a good idea to add/set useLegacyEncoding="true" on the UsersMembershipProvider in web.config. Then try resetting passwords again. Might help.
I'm really curious what the contents of your umbracoUser table look like (make sure to redact the password field if useLegacyEncoding="true" already).
So I tried searching for "Umbraco.Core.Security.MembershipProviderBase.StoredPassword" and found this code...not sure is this is still current? So I thought I would try changing "passwordFormat" to equal "ClearQWERTY" and back again.
protected internal bool CheckPassword(string password, string dbPassword)
{
if (string.IsNullOrWhiteSpace(dbPassword)) throw new ArgumentException("Value cannot be null or whitespace.", "dbPassword");
switch (PasswordFormat)
{
case MembershipPasswordFormat.Encrypted:
var decrypted = DecryptPassword(dbPassword);
return decrypted == password;
case MembershipPasswordFormat.Hashed:
string salt;
var storedHashedPass = StoredPassword(dbPassword, out salt);
var hashed = EncryptOrHashPassword(password, salt);
return storedHashedPass == hashed;
case MembershipPasswordFormat.Clear:
return password == dbPassword;
default:
throw new ArgumentOutOfRangeException();
}
}
The last time I had no logins working at all on a site there was an issue with the umbracoUser database table itself in that it had not been imported to it's new environment SQL Server database correclty.
Although all the data itself had been transferred successfully none of the primary and foreign keys were there which in turn meant none of the 'id' fields had their identity specification in place and until we resolved this by doing a clean export/import we couldn't log in to the new environment.
May be completely unrelated to this but worth checking just in case?
@Richard, you've updated the wrong provider, you need to update the UsersMembershipProvider, you've now updated the provider for members on the frontend. :-)
Update, @Derek put me on a path I restored the DB again, and I'm not getting the failed attempts increments, and no error 500 returned to the login page. But still get the above error when changing from "Hashed" to "Clear"
If you have restored the DB and it's looking a bit better is there any way to roll back the config and code changes as well to see if the DB restore is enough?
The Reset Admin is now giving up this error message....
018-07-26 17:33:11,671 [P3192/D2/T1] ERROR UmbracoAdminReset.ResetAdmin - Error during password reset
System.Web.HttpException (0x80004005): Request is not available in this context
at System.Web.HttpContext.get_Request()
at System.Web.HttpContextWrapper.get_Request()
at Umbraco.Core.HttpContextExtensions.GetCurrentRequestIpAddress(HttpContextBase httpContext)
at Umbraco.Core.Auditing.AuditEventHandler.get_PerformingIp()
at Umbraco.Core.Auditing.AuditEventHandler.OnSavedUser(IUserService sender, SaveEventArgs`1 saveEventArgs)
at Umbraco.Core.Events.TypedEventHandler`2.Invoke(TSender sender, TEventArgs e)
at Umbraco.Core.Events.EventDefinition`2.RaiseEvent()
at Umbraco.Core.Events.ScopeEventDispatcher.ScopeExitCompleted()
at Umbraco.Core.Events.ScopeEventDispatcherBase.ScopeExit(Boolean completed)
at Umbraco.Core.Scoping.Scope.<>c__DisplayClass70_0.<RobustExit>b__1()
at Umbraco.Core.Scoping.Scope.TryFinally(Int32 index, Action[] actions)
at Umbraco.Core.Scoping.Scope.TryFinally(Int32 index, Action[] actions)
at Umbraco.Core.Scoping.Scope.RobustExit(Boolean completed, Boolean onException)
at Umbraco.Core.Scoping.Scope.Dispose()
at Umbraco.Core.Persistence.UnitOfWork.ScopeUnitOfWork.DisposeResources()
at Umbraco.Core.DisposableObjectSlim.Dispose(Boolean disposing)
at Umbraco.Core.DisposableObjectSlim.Dispose()
at Umbraco.Core.Services.UserService.Save(IUser entity, Boolean raiseEvents)
at UmbracoAdminReset.ResetAdmin.ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
No logins working
Hi,
I've just built my first site with umbraco. Not yet ready for release so in Dev environment. So to start User Acceptance Testing I Have a server with Visual Studio and the built site on, on another server I have an MS SQL database with the database on using a machine key.
After adding a new user for user testing, all logins failed to work including my master. I've tried the following, and checked the DB login with SQL Man, on the IIS server.
Password reset DLL - Doesn't work Change password to clear - Doesn't Work Restoring backups of Project and DB - Doesn't work
The DB server I RDPed into it after login issue first appeared and it came up with "Windows has successfully updated", and I forgot to switch rollback on. :( Could it be that?
I just can't bear to start again it's months of work. I think I'm pretty stuffed, can anyone help?
I'm using 7.10.3
Cheers Rich
If you add valid SMTP settings in your
web.configand setallowPasswordResetto true inumbracoSettings.configyou should be able to reset passwords for all users.You might be locked out of all of your users though, in the SQL database go to the
umbracoUsertable and make sure theuserNoConsolecolumn it set to0for everyone.Thanks for the response.Yea I've tried that too :( No luck.
Also the App Data Log is not recording failed logins, is there any way to get a proper trace. I guess I am building and running as a proper site under IIS, so I could run it in debug, or attach to process to see what is happening in more detail.
I'll try this and get back.
You could at least try to set
debug="true"in yourweb.configto get more detailed errors and inconfig\log4net.configmaybe try temporarily changing the log level toDEBUGinstead ofINFO- that could give you some more info.Also, while logging in, open the dev tools in your browser, on the network tab when you click the login button, see what the response from the server is.
OK so I'm seeing this error on "PostLogin", Did a search
https://our.umbraco.com/forum/developers/api-questions/38069-Login-error-in-Umbraco
and tried doing a app pool recycle as suggested but still same error. Also I've noticed in the database the failed logins is not incrementing.
ExceptionMessage : "Index and length must refer to a location within the string. ↵Parameter name: length" ExceptionType : "System.ArgumentOutOfRangeException" Message : "An error has occurred."
StackTrace:
" at System.String.Substring(Int32 startIndex, Int32 length) ↵ at Umbraco.Core.Security.MembershipProviderBase.StoredPassword(String storedString, String& salt) ↵ at Umbraco.Core.Security.MembershipProviderBase.CheckPassword(String password, String dbPassword) ↵ at Umbraco.Core.Security.UserAwareMembershipProviderPasswordHasher.VerifyHashedPassword(BackOfficeIdentityUser user, String hashedPassword, String providedPassword) ↵ at Umbraco.Core.Security.BackOfficeUserManager
1.<VerifyPasswordAsync>d__23.MoveNext() ↵--- End of stack trace from previous location where exception was thrown --- ↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() ↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) ↵ at Microsoft.AspNet.Identity.UserManager2.Interesting, I've never seen that before!
I think that is the part where we try to split the seed and the password. Maybe it's a good idea to add/set
useLegacyEncoding="true"on theUsersMembershipProviderinweb.config. Then try resetting passwords again. Might help.I'm really curious what the contents of your
umbracoUsertable look like (make sure to redact the password field ifuseLegacyEncoding="true"already).Tried the legacy setting no change,
2 False False Richard [email protected] "password" {"hashAlgorithm":"HMACSHA256"} [email protected] en-US bnWxWyFdCueCcKrqniYK9iAS+7E= 0 NULL 2018-04-18 14:15:00.513 2018-07-13 15:11:54.480 NULL NULL 2018-04-18 14:15:45.170 2018-07-25 09:48:23.210 NULL [{"alias":"umbIntroIntroduction","completed":false,"disabled":true}]
And here are the membership settings
One thing I have noticed is that in the Trace its using VerifyHashedPassword now can that be happening if passwordFormat="Clear"
Maybe that's a red herring.
So I tried searching for "Umbraco.Core.Security.MembershipProviderBase.StoredPassword" and found this code...not sure is this is still current? So I thought I would try changing "passwordFormat" to equal "ClearQWERTY" and back again.
Hi Richard,
The last time I had no logins working at all on a site there was an issue with the umbracoUser database table itself in that it had not been imported to it's new environment SQL Server database correclty.
Although all the data itself had been transferred successfully none of the primary and foreign keys were there which in turn meant none of the 'id' fields had their identity specification in place and until we resolved this by doing a clean export/import we couldn't log in to the new environment.
May be completely unrelated to this but worth checking just in case?
Cheers
@Richard, you've updated the wrong provider, you need to update the
UsersMembershipProvider, you've now updated the provider for members on the frontend. :-)You can use the same attributes on the Users one!
OK sorry about that but now I'm getting.....
[InvalidOperationException: Cannot use ASP.Net Identity with UmbracoMembersUserStore when the password format is not Hashed] Umbraco.Core.Security.BackOfficeUserStore..ctor(IUserService userService, IEntityService entityService, IExternalLoginService externalLoginService, MembershipProviderBase usersMembershipProvider) +394 Umbraco.Core.Security.BackOfficeUserManager.Create(IdentityFactoryOptions
1 options, IUserService userService, IEntityService entityService, IExternalLoginService externalLoginService, MembershipProviderBase membershipProvider, IContentSection contentSectionConfig) +109 Umbraco.Web.Security.Identity.<>c__DisplayClass3_0.<ConfigureUserManagerForUmbracoBackOffice>b__0(IdentityFactoryOptions1 options, IOwinContext owinContext) +176 Microsoft.AspNet.Identity.Owin.This is on the refreshed login page
Update, @Derek put me on a path I restored the DB again, and I'm not getting the failed attempts increments, and no error 500 returned to the login page. But still get the above error when changing from "Hashed" to "Clear"
If you have restored the DB and it's looking a bit better is there any way to roll back the config and code changes as well to see if the DB restore is enough?
Interesting, before I do that the reset dll that's available doesn't work either
https://our.umbraco.com/projects/developer-tools/umbraco-admin-reset/
Also is there anyway the machine key can get messed up?
The Reset Admin is now giving up this error message....
SOVLED: So something was foulded up in the database as even after stopping IIS the SQL Server wouldn't take the DB offline.
Rebooted IIS server which sorted that.
Then restored DB backup.
ResetAdmin.dll wouldn't work as App Pool was Integrated not Classic.
So changed to Classic and restarted site, this reset the Admin password.
Site now doesn't work as app pool : Integrated is required changed it back and BOOM!
I'm back in! Thanks for your help guys :) It's my birthday so I'm off for a Beer!
is working on a reply...