Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Kieron 138 posts 354 karma points
    Jan 22, 2019 @ 16:53
    Kieron
    0

    [£50 Bounty] Moved Umbraco site to new server, now login system isnt working

    I really want this issue gone, so £50 to the person who resolves it

    I Built a site as title suggests, all OK, using the default database that Umbraco creates for you so everything is self contained, ive since moved the site now to a new server but im facing an issue where using:

    var loginStatusModel = Members.GetCurrentLoginStatus();

    and then later:

    @if (loginStatusModel.IsLoggedIn)
    { 
    
    }
    else {
    
    }
    

    Trouble is its always hitting my else case, so the member system is effectively not working since moving the site over. Any ideas? Thanks Using umbraco 7.11.1

    I have in the logs reporting this;

     2019-01-30 14:34:37,920 [P5684/D3/T4] INFO  Umbraco.Core.Security.UmbracoMembershipProviderBase - Login attempt succeeded for username masterreview from IP address
    

    Implying the member is logged in, but the page still hits the else.

    The site works perfectly on the server it was developed on & locally when I use IIS Express, but not when I move it, no code changes take place.

    I believe it's an environmental issue which is tricky to guess I know, but if you can think of anything like in IIS change X to false just say it, ill try it, and if that's it, you get the bounty.

  • Kieron 138 posts 354 karma points
    Jan 28, 2019 @ 12:35
    Kieron
    0

    Anyone got any ideas? :)

  • John Bergman 424 posts 976 karma points
    Jan 28, 2019 @ 19:19
    John Bergman
    1

    Check to make sure you have specified the encryption key in your web.config; I believe it would use a machine key if you havent.

  • Kieron 138 posts 354 karma points
    Jan 29, 2019 @ 09:01
    Kieron
    0

    Hi John, thats a good shout actually, ive found this in the web.config:

    <machineKey validationKey="0000000000000000000000000000000000000000000000000" decryptionKey="0000000000000000000000000000000000000" validation="HMACSHA256" decryption="AES" />
    

    Changed the values for the forum, dunno if thats necessary :p, but how would i know what to change it too, do i just need to get the machineKey of the new machine?

  • Stefano 60 posts 309 karma points c-trib
    Feb 06, 2019 @ 09:36
    Stefano
    1

    You'd need to match the old machine, but chances are you never set it there! Maybe you can get them like this https://stackoverflow.com/a/22559279/3091524?

  • Kieron 138 posts 354 karma points
    Feb 06, 2019 @ 09:38
    Kieron
    0

    Hi Stefano, I do have the site still live on the place I developed it in where it works perfectly, so when I copied the site, it would have had the original key but is that what you mean?

    I will copy the key from the original place if so because I've no doubt messed with it since!

    Also for reference, it has been moved to other locations and worked too! Just not the one place i need it to work.

  • Stefano 60 posts 309 karma points c-trib
    Feb 06, 2019 @ 09:51
    Stefano
    1

    No, you can manually specify the keys, or the machine is going to make one for you that is specific to your hardware. So if you didn't specify one (in the web.config I think) then your new machine is making up a new one.

  • Kieron 138 posts 354 karma points
    Feb 06, 2019 @ 09:58
    Kieron
    0

    Ok so go to the original site, get the entire line ie;

    <machineKey validationKey="eeeeeeeeeeeeeeeeeeeeeee" decryptionKey="eeeeeeeeeeeeeeeeeeee" validation="HMACSHA256" decryption="AES" />

    And overwrite the new location's line?

  • Stefano 60 posts 309 karma points c-trib
    Feb 06, 2019 @ 10:04
    Stefano
    0

    Yes, if you can find it (I doubt it)

  • Kieron 138 posts 354 karma points
    Feb 06, 2019 @ 10:28
    Kieron
    0

    Hmm, I have found it, which kind of implies it already had the key when I transferred it over.

    But I have also since changed the key to one that the new machine generated with a new site to see if that was the issue, so I will change it back and try again.

  • Kieron 138 posts 354 karma points
    Feb 06, 2019 @ 11:01
    Kieron
    0

    I just matched it Stefano;

    Stopped the site, took it from the old site, overwrite the one in the new site, started the site, but still the same result.

    Logs indicate a successful login but site displays otherwise.

  • Benjamin Carleski 5 posts 77 karma points c-trib
    Feb 07, 2019 @ 16:04
    Benjamin Carleski
    1

    Since there isn't a clear answer to what might be causing the problem, it might be helpful to break down possible sources. Is it because the user isn't authenticated? Is it because the authentication isn't being passed through correctly? Is it because the object you are getting is changing state at some point?

    Take a look at the MembershipHelper.GetCurrentLoginStatus method (line 547 at https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Security/MembershipHelper.cs). If you can debug on the new site, add a breakpoint at the point you call that method and take a look at the various pieces of information that method uses. If you can't debug, add some logging output or hidden output on the page that shows you those pieces of information.

    Some information that might be useful to know:

    • Members.IsLoggedIn()
    • Members.IsUmbracoMembershipProviderActive()
    • HttpContext.Current.User != null
    • HttpContext.Current.User.Identity.IsAuthenticated

    The IsLoggedIn() call and the user information would be good to do both before and after your call to GetCurrentLoginStatus, because if there was an issue looking up their member record it would result in being logged in before that call, but logged out after it. This would happen in the if blocks at either line 564 or 580.

    If you find that the user is not logged right before making the call, but you still see in the logs that they were logged in, you've probably got something earlier in the request processing chain that is either intentionally or accidentally logging them out. Try using Tracing or the mini-profiler to see what all is going on in the request, and see if you can add a breakpoint or a log entry in between when they get logged in and where your code is breaking, to try and isolate the culprit.

  • Kieron 138 posts 354 karma points
    Feb 07, 2019 @ 17:20
    Kieron
    0

    Hi Benjamin, I'm just leaving work so apologies for the low effort reply, I've got this code in the site:

    <div>Login Status (member): @Members.IsLoggedIn()</div>
    <div>GetLoginStatus: @Members.GetCurrentLoginStatus()</div>
    <div>GetLoginStatus-Status: @Members.GetCurrentLoginStatus().IsLoggedIn </div>
    <div>UserProfile: @Members.GetCurrentMemberProfileModel();</div>
    

    And it's displaying the following after clicking my login button:

    Login Status (member): False
    GetLoginStatus: Umbraco.Web.Models.LoginStatusModel
    GetLoginStatus-Status: False 
    UserProfile: ;
    

    Which, I know what your thinking, it's clear it's not logging in, but I haven't changed a single thing in moving the site, and the IIS logs report that the user logged in successfully.

    I will go over your reply properly soon but just wanted to reply with this, thanks :)

  • Benjamin Carleski 5 posts 77 karma points c-trib
    Feb 07, 2019 @ 18:18
    Benjamin Carleski
    0

    If you are seeing the message in the logs saying it authenticated someone with the membership provider, it is likely that they are actually logged in, or were at some point in the process. Whether they were then logged out before they got to the page you put the login status information on, or whether they were logged out as part of the processing of the page you put the login status on, is something you'll need to look into.

    I'm sure you are right, that it is some environmental or config issue different between the sites, but I don't know which such thing could cause the error you're seeing. I still think it would be helpful to see the output of the IsUmbracoMembershipProviderActive() call, as well as the status of the User object directly, and it would be good to see if, with Tracing, you can tell whether IIS authenticated the request at all, or if they were logged out somewhere earlier in the process.

  • Tarik 133 posts 583 karma points
    Feb 07, 2019 @ 23:22
    Tarik
    0

    Have you tried to check the web.config file at

    <remove name="FormsAuthentication" />
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
    
  • Kieron 138 posts 354 karma points
    Feb 08, 2019 @ 09:52
    Kieron
    0

    Hi Tarik, check it for what, that those lines are there? or not there? Thanks! :)

  • Tarik 133 posts 583 karma points
    Feb 08, 2019 @ 10:58
    Tarik
    0

    Kieron, peace be upon those who follow guidance

    Because I think the issue is related to authentication, more details below:

    1. Troubleshooting forms authentication.
    2. ASP.NET Forms Authentication.

    Case of login status issue.

  • Kevin Pang 1 post 71 karma points
    Feb 08, 2019 @ 10:02
    Kevin Pang
    0

    Is the authentication cookie being created? Maybe there' s a permission issue around that?

  • Kieron 138 posts 354 karma points
    Feb 13, 2019 @ 14:41
    Kieron
    101

    I fixed it, it was Forms Authentication that was disabled in IIS.

  • Tarik 133 posts 583 karma points
    Feb 15, 2019 @ 00:07
    Tarik
    0

    I think that was my answer Kieron, which is mentioned in MS site as configuration from 3 ways.

    Is there a bounty?

  • Kieron 138 posts 354 karma points
    Feb 15, 2019 @ 09:12
    Kieron
    0

    Yep that's fair Tarik, initially I didn't understand your recommendation but now I have resolved it I can see what you were saying with:

    <remove name="FormsAuthentication" />
    <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
    

    Do you have PayPal? You can PM me.

    :)

    I just realised there might not be a private message system on this website, you can find me on Slack, or just post your PayPal + Ill get it and you can remove it then.

  • Tarik 133 posts 583 karma points
    Feb 15, 2019 @ 22:17
    Tarik
    0

    Kieron, I was using Paypal with Payoneer mastercard but I canceled to use them for some reasons I prefer to use westerunion or moneygram and count fees from the bounty.

    I'm tarik rital from morocco ouarzazate city otherwise join me at sip:+212643636321[at]sip.linphone.org opensource voip project or in ##umbraco irc channel.

    In case moderation see this as bad place to post this info just notify me to remove what is undesirable.

  • Kieron 138 posts 354 karma points
    Feb 18, 2019 @ 09:08
    Kieron
    0

    Ok Tarik I will look to see if I can sign up to one of these services!

  • Tarik 133 posts 583 karma points
    Feb 25, 2019 @ 19:12
    Tarik
    0

    Kieron, I did a test on WU site and I found it offers 4 ways I don't obligate one of them but the one which fit your status.

    enter image description here

  • Kieron 138 posts 354 karma points
    Feb 25, 2019 @ 19:35
    Kieron
    0

    Hi Tarik, come onto IRC so you can send me your details.

  • Tarik 133 posts 583 karma points
    Feb 25, 2019 @ 20:44
    Tarik
    0

    Kieron, peace be upon those who follow guidence.

    I'm there now (##umbraco room)

Please Sign in or register to post replies

Write your reply to:

Draft