问题
Membership.ValidateUser methods works on development server both(iis express and cassini). But on my IIS (its publishing as an application on my development machine) It always return false.
Even user is approved,not locked and username and password are correct. There is no trace error. ?
http request 1: davutg-pc:6423/BpmService/Login?userName=abc&password=0035
result 1: < boolean >true< /boolean >
http request 2: davutg-pc/BPM/BpmService/Login?userName=abc&password=0035
result 2 :< boolean > false < /boolean >
Here are my settings
<roleManager enabled="true" defaultProvider="MySQLRoleProvider"/>
<machineKey validationKey="E8B40EEA5A8EFC6F...key" decryptionKey="385..." validation="SHA1" />
<membership defaultProvider="MySQLMembershipProvider" hashAlgorithmType="SHA1">
<providers>
<remove name="MySQLMembershipProvider" />
<add type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.5.5.0, Culture=neutral,
PublicKeyToken=c5687fc88969c44d"
name="MySQLMembershipProvider"
connectionStringName="LocalMySqlServer"
minRequiredPasswordLength="3"
minRequiredNonalphanumericCharacters="0"
requiresUniqueEmail="false"
requiresQuestionAndAnswer="false"
passwordFormat="Encrypted"/>
I compared machine.configs are the same Framework 64 and Framework.
It works on development server but on IIS always return false. I can query different services with IIS and no such problem.
IN ADDITION: When I enter wrong password "FailedPasswordAttemptCount" increased for development server. But it doesn't change for IIS. What's going wrong with IIS. I just call Membership.ValidateUser(user,pass)
Any suggestion will be appreciated !
回答1:
Solved! Hope this will save someone's time.
The problem was the application name.
host:port/Service
host/BPM/Service
note:BPM is applicaton name you give it on IIS.
Membership encryption algorithm uses "ApplicatonName". When I setup applicaton I used BPM as application name. on development server the "name" return "/". But its "BPM" on IIS !
All my old passwords was generated with "/" appliacion name. So always provide an application Name. Read this article from Scott-Gu 's blog.
public bool Login(string userName,string password)
{
var provider = Membership.Provider;
string name = provider.ApplicationName;
return Membership.ValidateUser(userName, password);
}
//Wrong one
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System...bla bla"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/" //Wrong
/>
</providers>
</membership>
//Right one
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.S.. bla bla"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="MyAPPNAME" //Well :)
/>
</providers>
</membership>
回答2:
I also faced this issue and I couldn't fix it for two weeks.
Focus on the creation of the member using CreateUser():
MembershipCreateStatus createStatus;
MembershipUser member =
Membership.CreateUser(TextBox_username.Text.Replace("'", "''"),
TextBox_password.Text.Replace("'", "''"),
TextBox_email.Text.Replace("'", "''"), null, null, true, out createStatus);
Check how the CreateUser() function is called. It should be like this.
来源:https://stackoverflow.com/questions/14828185/membership-validateuser-always-return-false-on-iis