If you add valid SMTP settings in your web.config and set allowPasswordReset to true in umbracoSettings.config you should be able to reset passwords for all users.

You might be locked out of all of your users though, in the SQL database go to the umbracoUser table and make sure the userNoConsole column it set to 0 for everyone.

Thanks for the response.Yea I've tried that too :( No luck.

Also the App Data Log is not recording failed logins, is there any way to get a proper trace. I guess I am building and running as a proper site under IIS, so I could run it in debug, or attach to process to see what is happening in more detail.

I'll try this and get back.

You could at least try to set debug="true" in your web.config to get more detailed errors and in config\log4net.config maybe try temporarily changing the log level to DEBUG instead of INFO - that could give you some more info.

Also, while logging in, open the dev tools in your browser, on the network tab when you click the login button, see what the response from the server is.

OK so I'm seeing this error on "PostLogin", Did a search

https://our.umbraco.com/forum/developers/api-questions/38069-Login-error-in-Umbraco

and tried doing a app pool recycle as suggested but still same error. Also I've noticed in the database the failed logins is not incrementing.

ExceptionMessage : "Index and length must refer to a location within the string. ↵Parameter name: length" ExceptionType : "System.ArgumentOutOfRangeException" Message : "An error has occurred."

StackTrace:

" at System.String.Substring(Int32 startIndex, Int32 length) ↵ at Umbraco.Core.Security.MembershipProviderBase.StoredPassword(String storedString, String& salt) ↵ at Umbraco.Core.Security.MembershipProviderBase.CheckPassword(String password, String dbPassword) ↵ at Umbraco.Core.Security.UserAwareMembershipProviderPasswordHasher.VerifyHashedPassword(BackOfficeIdentityUser user, String hashedPassword, String providedPassword) ↵ at Umbraco.Core.Security.BackOfficeUserManager1.<VerifyPasswordAsync>d__23.MoveNext() ↵--- End of stack trace from previous location where exception was thrown --- ↵ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() ↵ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) ↵ at Microsoft.AspNet.Identity.UserManager2.

Interesting, I've never seen that before!

I think that is the part where we try to split the seed and the password. Maybe it's a good idea to add/set useLegacyEncoding="true" on the UsersMembershipProvider in web.config. Then try resetting passwords again. Might help.

I'm really curious what the contents of your umbracoUser table look like (make sure to redact the password field if useLegacyEncoding="true" already).

Tried the legacy setting no change,

2 False False Richard richard@phoenixtransconnect.co.uk "password" {"hashAlgorithm":"HMACSHA256"} richard@phoenixtransconnect.co.uk en-US bnWxWyFdCueCcKrqniYK9iAS+7E= 0 NULL 2018-04-18 14:15:00.513 2018-07-13 15:11:54.480 NULL NULL 2018-04-18 14:15:45.170 2018-07-25 09:48:23.210 NULL [{"alias":"umbIntroIntroduction","completed":false,"disabled":true}]

And here are the membership settings

    <!-- Membership Provider -->
<membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
  <providers>
    <clear />
    <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="1" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Clear" allowManuallyChangingPassword="false" />
    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" />
  </providers>
</membership>

One thing I have noticed is that in the Trace its using VerifyHashedPassword now can that be happening if passwordFormat="Clear"

Maybe that's a red herring.

So I tried searching for "Umbraco.Core.Security.MembershipProviderBase.StoredPassword" and found this code...not sure is this is still current? So I thought I would try changing "passwordFormat" to equal "ClearQWERTY" and back again.

protected internal bool CheckPassword(string password, string dbPassword)
    {
        if (string.IsNullOrWhiteSpace(dbPassword)) throw new ArgumentException("Value cannot be null or whitespace.", "dbPassword");
        switch (PasswordFormat)
        {
            case MembershipPasswordFormat.Encrypted:
                var decrypted = DecryptPassword(dbPassword);
                return decrypted == password;
            case MembershipPasswordFormat.Hashed:
                string salt;
                var storedHashedPass = StoredPassword(dbPassword, out salt);
                var hashed = EncryptOrHashPassword(password, salt);
                return storedHashedPass == hashed;
            case MembershipPasswordFormat.Clear:
                return password == dbPassword;
            default:
                throw new ArgumentOutOfRangeException();
        }
    }

Hi Richard,

The last time I had no logins working at all on a site there was an issue with the umbracoUser database table itself in that it had not been imported to it's new environment SQL Server database correclty.

Although all the data itself had been transferred successfully none of the primary and foreign keys were there which in turn meant none of the 'id' fields had their identity specification in place and until we resolved this by doing a clean export/import we couldn't log in to the new environment.

May be completely unrelated to this but worth checking just in case?

Cheers

@Richard, you've updated the wrong provider, you need to update the UsersMembershipProvider, you've now updated the provider for members on the frontend. :-)

You can use the same attributes on the Users one!

OK sorry about that but now I'm getting.....

[InvalidOperationException: Cannot use ASP.Net Identity with UmbracoMembersUserStore when the password format is not Hashed] Umbraco.Core.Security.BackOfficeUserStore..ctor(IUserService userService, IEntityService entityService, IExternalLoginService externalLoginService, MembershipProviderBase usersMembershipProvider) +394 Umbraco.Core.Security.BackOfficeUserManager.Create(IdentityFactoryOptions1 options, IUserService userService, IEntityService entityService, IExternalLoginService externalLoginService, MembershipProviderBase membershipProvider, IContentSection contentSectionConfig) +109 Umbraco.Web.Security.Identity.<>c__DisplayClass3_0.<ConfigureUserManagerForUmbracoBackOffice>b__0(IdentityFactoryOptions1 options, IOwinContext owinContext) +176 Microsoft.AspNet.Identity.Owin.

This is on the refreshed login page

Update, @Derek put me on a path I restored the DB again, and I'm not getting the failed attempts increments, and no error 500 returned to the login page. But still get the above error when changing from "Hashed" to "Clear"

Interesting, before I do that the reset dll that's available doesn't work either

https://our.umbraco.com/projects/developer-tools/umbraco-admin-reset/

Also is there anyway the machine key can get messed up?

    <machineKey validationKey="BBC01B24D96B3DAA02CE2D85B727668B1FF17A5F3825BBF7B82C33FBD3BB2CBC" decryptionKey="F71C500EDDAA623E51465DCCDB67879FF5725BE5B4AC740F7906BA338E0BB9C3" validation="HMACSHA256" decryption="AES" />

The Reset Admin is now giving up this error message....

    018-07-26 17:33:11,671 [P3192/D2/T1] ERROR UmbracoAdminReset.ResetAdmin - Error during password reset
System.Web.HttpException (0x80004005): Request is not available in this context
       at System.Web.HttpContext.get_Request()
       at System.Web.HttpContextWrapper.get_Request()
       at Umbraco.Core.HttpContextExtensions.GetCurrentRequestIpAddress(HttpContextBase httpContext)
       at Umbraco.Core.Auditing.AuditEventHandler.get_PerformingIp()
       at Umbraco.Core.Auditing.AuditEventHandler.OnSavedUser(IUserService sender, SaveEventArgs`1 saveEventArgs)
       at Umbraco.Core.Events.TypedEventHandler`2.Invoke(TSender sender, TEventArgs e)
       at Umbraco.Core.Events.EventDefinition`2.RaiseEvent()
       at Umbraco.Core.Events.ScopeEventDispatcher.ScopeExitCompleted()
       at Umbraco.Core.Events.ScopeEventDispatcherBase.ScopeExit(Boolean completed)
       at Umbraco.Core.Scoping.Scope.<>c__DisplayClass70_0.<RobustExit>b__1()
       at Umbraco.Core.Scoping.Scope.TryFinally(Int32 index, Action[] actions)
       at Umbraco.Core.Scoping.Scope.TryFinally(Int32 index, Action[] actions)
       at Umbraco.Core.Scoping.Scope.RobustExit(Boolean completed, Boolean onException)
       at Umbraco.Core.Scoping.Scope.Dispose()
       at Umbraco.Core.Persistence.UnitOfWork.ScopeUnitOfWork.DisposeResources()
       at Umbraco.Core.DisposableObjectSlim.Dispose(Boolean disposing)
       at Umbraco.Core.DisposableObjectSlim.Dispose()
       at Umbraco.Core.Services.UserService.Save(IUser entity, Boolean raiseEvents)
       at UmbracoAdminReset.ResetAdmin.ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)

is working on a reply...