Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I really want this issue gone, so £50 to the person who resolves it
I Built a site as title suggests, all OK, using the default database that Umbraco creates for you so everything is self contained, ive since moved the site now to a new server but im facing an issue where using:
var loginStatusModel = Members.GetCurrentLoginStatus();
and then later:
Trouble is its always hitting my else case, so the member system is effectively not working since moving the site over. Any ideas? Thanks
Using umbraco 7.11.1
I have in the logs reporting this;
2019-01-30 14:34:37,920 [P5684/D3/T4] INFO Umbraco.Core.Security.UmbracoMembershipProviderBase - Login attempt succeeded for username masterreview from IP address
Implying the member is logged in, but the page still hits the else.
The site works perfectly on the server it was developed on & locally when I use IIS Express, but not when I move it, no code changes take place.
I believe it's an environmental issue which is tricky to guess I know, but if you can think of anything like in IIS change X to false just say it, ill try it, and if that's it, you get the bounty.
in IIS change X to false
Anyone got any ideas? :)
Check to make sure you have specified the encryption key in your web.config; I believe it would use a machine key if you havent.
Hi John, thats a good shout actually, ive found this in the web.config:
<machineKey validationKey="0000000000000000000000000000000000000000000000000" decryptionKey="0000000000000000000000000000000000000" validation="HMACSHA256" decryption="AES" />
Changed the values for the forum, dunno if thats necessary :p, but how would i know what to change it too, do i just need to get the machineKey of the new machine?
You'd need to match the old machine, but chances are you never set it there! Maybe you can get them like this https://stackoverflow.com/a/22559279/3091524?
Hi Stefano, I do have the site still live on the place I developed it in where it works perfectly, so when I copied the site, it would have had the original key but is that what you mean?
I will copy the key from the original place if so because I've no doubt messed with it since!
Also for reference, it has been moved to other locations and worked too! Just not the one place i need it to work.
No, you can manually specify the keys, or the machine is going to make one for you that is specific to your hardware. So if you didn't specify one (in the web.config I think) then your new machine is making up a new one.
Ok so go to the original site, get the entire line ie;
<machineKey validationKey="eeeeeeeeeeeeeeeeeeeeeee" decryptionKey="eeeeeeeeeeeeeeeeeeee" validation="HMACSHA256" decryption="AES" />
And overwrite the new location's line?
Yes, if you can find it (I doubt it)
Hmm, I have found it, which kind of implies it already had the key when I transferred it over.
But I have also since changed the key to one that the new machine generated with a new site to see if that was the issue, so I will change it back and try again.
I just matched it Stefano;
Stopped the site, took it from the old site, overwrite the one in the new site, started the site, but still the same result.
Logs indicate a successful login but site displays otherwise.
Since there isn't a clear answer to what might be causing the problem, it might be helpful to break down possible sources. Is it because the user isn't authenticated? Is it because the authentication isn't being passed through correctly? Is it because the object you are getting is changing state at some point?
Take a look at the MembershipHelper.GetCurrentLoginStatus method (line 547 at https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Security/MembershipHelper.cs). If you can debug on the new site, add a breakpoint at the point you call that method and take a look at the various pieces of information that method uses. If you can't debug, add some logging output or hidden output on the page that shows you those pieces of information.
Some information that might be useful to know:
The IsLoggedIn() call and the user information would be good to do both before and after your call to GetCurrentLoginStatus, because if there was an issue looking up their member record it would result in being logged in before that call, but logged out after it. This would happen in the if blocks at either line 564 or 580.
If you find that the user is not logged right before making the call, but you still see in the logs that they were logged in, you've probably got something earlier in the request processing chain that is either intentionally or accidentally logging them out. Try using Tracing or the mini-profiler to see what all is going on in the request, and see if you can add a breakpoint or a log entry in between when they get logged in and where your code is breaking, to try and isolate the culprit.
Hi Benjamin, I'm just leaving work so apologies for the low effort reply, I've got this code in the site:
<div>Login Status (member): @Members.IsLoggedIn()</div>
<div>GetLoginStatus-Status: @Members.GetCurrentLoginStatus().IsLoggedIn </div>
And it's displaying the following after clicking my login button:
Login Status (member): False
Which, I know what your thinking, it's clear it's not logging in, but I haven't changed a single thing in moving the site, and the IIS logs report that the user logged in successfully.
I will go over your reply properly soon but just wanted to reply with this, thanks :)
If you are seeing the message in the logs saying it authenticated someone with the membership provider, it is likely that they are actually logged in, or were at some point in the process. Whether they were then logged out before they got to the page you put the login status information on, or whether they were logged out as part of the processing of the page you put the login status on, is something you'll need to look into.
I'm sure you are right, that it is some environmental or config issue different between the sites, but I don't know which such thing could cause the error you're seeing. I still think it would be helpful to see the output of the IsUmbracoMembershipProviderActive() call, as well as the status of the User object directly, and it would be good to see if, with Tracing, you can tell whether IIS authenticated the request at all, or if they were logged out somewhere earlier in the process.
Have you tried to check the web.config file at
<remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
Hi Tarik, check it for what, that those lines are there? or not there? Thanks! :)
Kieron, peace be upon those who follow guidance
Because I think the issue is related to authentication, more details below:
Case of login status issue.
Is the authentication cookie being created? Maybe there' s a permission issue around that?
I fixed it, it was Forms Authentication that was disabled in IIS.
I think that was my answer Kieron, which is mentioned in MS site as configuration from 3 ways.
Is there a bounty?
Yep that's fair Tarik, initially I didn't understand your recommendation but now I have resolved it I can see what you were saying with:
Do you have PayPal? You can PM me.
I just realised there might not be a private message system on this website, you can find me on Slack, or just post your PayPal + Ill get it and you can remove it then.
Kieron, I was using Paypal with Payoneer mastercard but I canceled to use them for some reasons I prefer to use westerunion or moneygram and count fees from the bounty.
I'm tarik rital from morocco ouarzazate city otherwise join me at sip:+212643636321[at]sip.linphone.org opensource voip project or in ##umbraco irc channel.
In case moderation see this as bad place to post this info just notify me to remove what is undesirable.
Ok Tarik I will look to see if I can sign up to one of these services!
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted