Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Steve 3 posts 73 karma points
    Nov 05, 2018 @ 14:20
    Steve
    0

    Login fails after upgrade from 7.6.13 to 7.7.0+

    Hi folks,

    I've spent the past four days trying to upgrade an Umbraco 7.3.4 installation to 7.12.3 (the current latest) so it can be converted to an Umbraco Cloud project. I've gone through many upgrade iterations now and have been upgrading to every release in sequence since 7.3.4, confirming it works, and taking a snapshot before upgrading to the next minor revision.

    What I've found is that right at 7.7.0 authentication stops working. The AuthorizeUpgrade page is reached but the same credentials that work every time at 7.6.13 fail with the generic "Login failed for user [email protected]". If I roll back to 7.6.13 I can log right in again with the same credentials.

    There are many, many post online indicating the same problem - login fails after upgrading to 7.7.0+. To date I've tried all of the solutions I can find online but still can't log in:

    Method: Follow documentation in Umbraco's 'Version specific upgrades' section for 7.7.0

    Result: No change.

    Method: Triple-check password

    Result: I wish it were that simple.

    Method: Change password to one of the known hashes

    Result: No change. I've tried every hash posted in Umbraco forums.

    Method: Change useLegacyEncoding to true in Web.config

    Result: No change.

    Method: Check log file in App_Data/Logs

    Result: No helpful information or stacktraces are logged even when the application returns 500 Internal Server Error (when attempting to reset password via Forgotten Password? link).

    Method: Change userNoConsole to False in umbracoUser table

    Result: No change. I've yet to see userNoConsole set to anything except false. failedLoginAttempts never increments.

    Method: Update mailSettings in Web.config and reset password via Forgotten Password? link

    Result: No change. I always get the error 'Request password reset failed for email [email protected]'.

    Method: Recycle IIS application pool after updating Web.config or database

    Result: No change. I'm running IIS Express via Visual Studio 2017 and have been faithfully exiting IIS Express when I happen to run instead of debug.

    Method: Delete App_Data folder before each run

    Result: No change except in performance.

    Method: Upgrade to 7.7.13, then up to 7.10.4

    Result: No change.

    Method: Update the user's securityStampToken to a new GUID in the umbracoUser table

    Result: No change.

    Method: Change usernameIsEmail to false in umbracoSettings.config

    Result: No change. My userLogin and userEmail are both my email address.

    Method: Clear cookies and cache or use Incognito Mode

    Result: No change.

    Method: Remove 301 Redirect Url package

    Result: No change. The package has not been installed on this site.

    Method: Change database password to one without an ampersand (&) in Web.config's connectionStrings

    Result: No change. Password is already one without any special characters.

    Method: Add entries to umbracoUser2UserGroup for user

    Result: No change.

    Method: Change UsersMembershipProvider in web.config to a specific string (because the poster didn't note what changed)

    Result: No change. This is the string that was posted:

    <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="10" useLegacyEncoding="true" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
    

    Method: Start with a clean Web.config from the latest Umbraco version, compare against existing Web.config, and update accordingly

    Result: No change. My changes are just setting the connection string and updating the mailSettings to spit emails to a local folder.

    Method: Use Admin Reset dll

    Result: I get to the "success" page but I don't see the password hash changing in the database and I still can't log in.

    Method: Start over with a fresh database and fresh installation

    Result: That's not an option for me - the existing website must be upgraded.

    Any insight would be appreciated. I'm at my wit's end (at this point there's only one wit left).

  • Dan Diplo 1554 posts 6205 karma points MVP 6x c-trib
    Nov 05, 2018 @ 14:28
    Dan Diplo
    0

    Normally changing the useLegacyEncoding to true fixes this. But if you've made other changes to password hashes this might break that.

    Otherwise, have you tried this package:

    https://our.umbraco.com/packages/developer-tools/umbraco-admin-reset/

    It usually works!

  • Steve 3 posts 73 karma points
    Nov 05, 2018 @ 14:35
    Steve
    0

    Thanks for the fast response! I have indeed tried the Admin Reset dll and it says it's successful, but I don't see the password hash changing in the database and I still can't log in. I've verified it's the same database used in the connection string. I'll update the question to reflect this too.

    At this point the password hash is set to bnWxWyFdCueCcKrqniYK9iAS+7E=

    which is the hash for 'default'. When I roll back to 7.6.13 the hash does get matched for 'default' and I can log in, so I'm relatively certain it's the right hash for the password 'default'.

  • Ellery Valest 2 posts 72 karma points
    Nov 16, 2018 @ 18:40
    Ellery Valest
    0

    Did you find the solution?, I got same issue....

  • Steve 3 posts 73 karma points
    Nov 16, 2018 @ 18:47
    Steve
    0

    I wish I could say yes, but after too many hours of trying to solve this problem without any support from Umbraco my company decided to ditch Umbraco.

    I did find that the root cause is that .Net Identity doesn't generate the same password hash after the upgrade to 7.7.0, regardless of whether useLegacyEncoding is "true" or "false". Umbraco provides a thin wrapper around .Net Identity to handle authentication. I suspect that when the default authentication mechanism was changed out in 7.7.0, a bug was introduced that borks the password hash generation.

    There are many, many posts describing this problem on the Umbraco forum, StackOverflow, etc but it seems like most people have just moved past it because it relates to an older version. Good luck to you!

  • Mik 7 posts 79 karma points
    Nov 16, 2018 @ 22:35
    Mik
    0

    Something that worked for me a few times was disabling any trailing slash removal rewrites and making sure the trailing slash setting in umbracoSettings.config is the default value.

    Going by your last post it seems it wasn't the case here though.

    I totally feel your pain. I've had this issue crop up a bunch of times during upgrading and it almost seemed like different solutions worked different times, I almost went crazy and I dread any upgrade now, hoping I don't see the "Login failed for user" again. I've given up trying to understand how many instances of this problem there are.

    Sorry it didn't work out - I hope you find what you're looking for on the other side.

Please Sign in or register to post replies

Write your reply to:

Draft