Security :: Login Control Not Working On The Server?
Feb 9, 2010
I made a login control in a webapplication with a membership provider and a role provider. The problem is when I enter the username and the password in the login control (on my system i.e localhost) the user authenticated and redirected without any problem, but when I deploy my webapplication with my database on a host server the login control cant authenticate the same user and tells me "Login attempt was not successful".
I have a login control that is working beautifully on my localhost, but not working on the server. It validates my username & password - and gives me an error if I enter an invalid username/password. However, if I enter the correct username/password, the page refreshes, but does not redirect me to the "ReturnUrl" that I see in the URL. I've seen posts on this, but nothing that I tried worked. I've tried setting the 'MembershipProvider'attribute of the login control. I don't want to set the DestinationUrl...I want it to take what is in the ReturnUrl in the querystring. I don't think it's a web.config issue cuz it works on localhost??
I am a newbie to asp.net and have recently been building a web... I have a login control on the main page which when logged in verifys the user and redirects them to the home page... I published this to the server previously and it worked. Today when I tried logging into my system however I got the following error message:-
"Your login attempt was not successful. Please try again."
The accounts did work before but since I have uploaded a newer version of my program onto the server the above message is displayed. I have been on many websites and read previous forums with suggesstions to add <roles> in the web.config file however the login control worked before and I have not changed anything on the site apart from a different page that doesnt affect the login.
Few points to make... the login control is using the asp.net configuration pre built tables it generates for you, I have created the users and roles inside of asp.net configuration so it is not a custom membership... I am at a complete loss as how to get my login control to work having tried to insert roles into the webconfig file.
I was hoping someone could run me through how to get the login control working properly on my website. I have seen many people's posts on a similar issue, but nothing seems to have worked, and I think I may have been doing something wrong.
Here's what I've done:-
I am using my laptop with Windows XP Professional Edition, which is running IIS 5.1. I have setup my system with the Web Platform Installer, which uses Visual Web Developer and SQL Server Express 2008.
I added a database in SQL Management Studio, and created an ASP.NET Membership Schema to it using the aspnet_regsql.exe tool. In my web.config file, I created a connection string to this database used both in the code, and with the asp membership.
According to all tutorials I have seen on the ASP.NET login control, I am using <authentication mode="Forms"> in my web.config.
When I run my website via debugging in Visual Web Developer, everything works fine. I can view my site, log in, and it all works as expected.
MOVING TO IIS:
I have set up my site in IIS 5.1, and can access my site through a browser by going to ttp://website.local, as set up in IIS and my hosts file. The site comes up fine, but when I try to login through the login control, I now get the error:-
Cannot open database "ManagementCentral" requested by the login. The login failed. Login failed for user 'LAPTOPASPNET'.
I have looked through numerous posts and blogs saying that to fix this, I need to grant database access to my ASPNET user, or set up 'impersonation'. The problem is, as you can tell by my connection string, I don't actually have a user called 'ASPNET'. I have checked this in my database.
I tried adding a new user, which has a SQL Server Authentication and password, and db_owner access to my 'Management Central' database. I then added this information into my web.config connection string, which now looks like this:-
just basically as it says in the subject. After I deploy my asp.net 4.0 website, the login control just refreshes itself after a valid username and password have been filled in instead of doing a redirect. The connection to the database works, because I can register and stuff from the database shows up in my website.
When a user logs in I check whether they have the minimum profile info entered. If they do not then I want to redirect them to the account maintenance page, otherwise I want to redirect them to the page where the login link was clicked. To accomplish this. I am trying to override DestinationPageUrl at the LoggedIn event. Isn't working ... the redirect is always to the page where the login link was clicked. Here's my (relevant) code:
I have found that eventually the login control I place on my page will not authenticate. The solution appears to be to delete it and replace it with a new instance. Obviously this is not tenable. Can someone enlighten me as to why it might stop working for no apparent reason such that simply deleting it and putting a new instance in place will restore functionality? Update: I find it very sensitive. I just did the above described action, got it working again, found that the Authenticate event was no longer properly wired and tried to fix it by removing the '1' from the Authenticate1 in this line. That was sufficient to kill the control which required me to once again delete it and replace. I cannot believe the login control is that sensitive or no one would touch it. What gives?
Why am I not able to login using my login control if I set the sql server database option for Recursive Triggers Enabled to "True"? Whenever I attempt to do so, I receive an error message on attempting to login that states "Your attempt to log in was not successful..."?
I have just turned on all membership infrastructure, maked an "Administrator" and successfully logined using standard LoginForm control.But when I uploaded my website on hosting server, I couldn't login anymore.I have MachineKey in web.config. Perhaps I need to set something on server (it is my VDS).
I am doing a simple secured site using the login control. I would like users to be redirected to their dashboard page once they log in, but after that if they choose to browse I do NOT want them redirected based on their login status. I am using the generic template provided in VWD with the basic login setup in the template including the tabbed ASP menu control - nothing fancy, nothing custom. This is intended to be something very simple and quick. Here is the code I am using for the page load...
So if I do this code WITHOUT the "IsPostBack", logged in users are always redirected to their dashboard and cannot see the hompage. However with that IsPostBack test, the redirect after initial login doesn't work.
I know this is extremely basic and simple, but I am restarting with this stuff after a year away, and I need a nudge.
We have created a windows application which is distributed amongst our clients. The application uses SQL Server 2008 as the back end and each client uses their own database on their own server. The databases are all exactly the same but each clients data is specific only to them.
We would like to offer our clients the ability to log-in to our website which would then login to their own database so that when they are out in the field they can perform similar tasks to what they can do with the windows app.Each of the clients databases has a user table containing their login details, permissions etc.
Our server is running on IIS and has SQL Server 2008 installed but it only contains our data and nothing of the clients.How should we go about this?
What I mean is do we need to make each client have an additional login to our main server which would then hold each clients individual connection strings etc which would then be used to connect to there specific database and then they would need to login again?? Seems like a nightmare for the user.
While i was using asp.net2.0 login control on IIS6.0 (WINDOWS SERVER2003) ON INTRANET FOR Login it shows login failed even it was working right on asp.net development server. i was using asp.net membership provider for this
I am working on an e-commerce project using ASP.Net and C#.Net (Visual Studio 2005-Windows XP).
I am facing problems in the login module. I created the login accounts using the roles and users in the ASP.Net Website Administration Tool. The login module is working fine when I test the website within the Visual Studio. I mean the login form is working properly under the Development Server integrated in the Visual Studio. What I want is to make this work properly under IIS (i.e. the Production Server). When I deployed the project to the IIS, the login form with the login control is displayed, but cannot login and gives a login failed message. . I have searched about this issue in Google and they are providing good tutorial links to solve this issue. Even after reading those I couldn't solve this as I am new to Web Development. Can you provide me a sample source code with the web.config and also a description of the major steps in configuring IIS to support the role based login?
I had gone through the following titles under google
"Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers".
I know that the login controls provide some powerful "straight out of the box" functionality for creating functionality for storing and logging in users. However, all of this fucntionality seems to be based upon having a unique username, and the users email address is stored separately. The login control, http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.aspx, automatically creates a database http://msdn.microsoft.com/en-us/library/ms178329.aspx#the_login_control to store the user information, and looking at the table definitions, there are separate entries for the username and password in different tables.
I have a web app that uses the Membership Provider to authenticate users.Everything worked fine until today... when I tryed to log in it failed. I looked in the database if something went wrong there and the user is deleted but everything looks fine there.I tryed to recover the password using the user name and i got an error that the user is not recognized.I tyed to recover the password (even though I am sure what the password is) but still no luck... (I get an error that hased passwords can not be decrypted)I triyed it in local host and guess what ... still the same... this is the provider section in my web config
My expectation is once the user logs out and if he tries to access any url directly by typing in the browser he should be redirect to login page.But this is not happening now. I have checked the session. it is getting cleared properly while logout. But the user is take in to the screen. How can i fix this? I am looking for something which i can write in the base class so thati need to have to write the same in all the pages. Also this should work in the case of login page(it should not redirect to login page again if try to access login page once user logs out. please not login page also inherits base class).
I have a sitemap of 5 items. 2 items i only want the admin to see. I want the user to be able to login and the system recognise who it is and if an admin, bring up the 2 items in the sitemap. If not an admin, hide the items.