问题
I have a "Internet Application" - "A default ASP.NET MVC 3 project with an account controller that uses forms authentication." called MyMv3App. I run the site in IIS Express using Ctrl + F5 and then I go to localhost:10382/Account/Register and I create a user "test1". Once the user is created I'm redirected to the Home page. I log off. Then I go to localhost:10382/Account/LogOn and type the username and password for the user "test1" and click on "Log On" button and the user is logged in. Cool, everything OK so far!
Next I add a new C# "Class Library" project and I name it MyCustomMembershipProvider. Then I download the ProviderToolkitSamples.msi from here http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx, run the msi installer, and go to the folder C:\Program Files (x86)\ASP.NET Provider Toolkit SQL Samples where all the files get installed. I then add these files to my C# Class Library project MyCustomMembershipProvider I just created, SQLMembershipProvider.cs, SecUtil.cs, SqlConnectionHelper.cs and SR.cs. (I need all these files or the C# Class Library project MyCustomMembershipProvider won't compile). Then I add a reference to System.configuration, System.Web and System.Web.ApplicationServices to the C# Class Library project MyCustomMembershipProvider. Then I build the project and then I go to MyMvc3App and I add a reference to the MyCustomMembershipProvider project.
Note: Forgot to mention that I changed the namespace for all four files in the project MyCustomMembershipProvider to "namespace MyCustomMembershipProvider" and also I renamed the class name to MyCustomMembershipProvider. And also in SQLMembershipProvider.cs line 110 I changed it from name = "SqlMembershipProvider"; to name = "MyCustomMembershipProvider";
Next I change the web.config file membership section from this:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
to this:
<membership defaultProvider="MyCustomMembershipProvider">
<providers>
<clear/>
<add name="MyCustomMembershipProvider" type="MyCustomMembershipProvider.MyCustomMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
The entire web.config looks like this now:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<add key="webpages:Version" value="1.0.0.0"/>
<add key="ClientValidationEnabled" value="true"/>
<add key="UnobtrusiveJavaScriptEnabled" value="true"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" />
</authentication>
<membership defaultProvider="MyCustomMembershipProvider">
<providers>
<clear/>
<add name="MyCustomMembershipProvider" type="MyCustomMembershipProvider.MyCustomMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="false">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Helpers" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="System.Web.WebPages"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Now I do the exact same thing I did in the first paragraph; I go to localhost:10382/Account/Register and I create a user, this time I call the user "test2". Once the user is created I'm redirected to the Home page. I log off. Then I go to localhost:10382/Account/LogOn to log in again and type the username and password for the user "test2" and click on "Log On" button and I get the error message:
Login was unsuccessful. Please correct the errors and try again. The user name or password provided is incorrect.
Why? What did I miss? I haven't touched anything besides the namespace and that name variable in SQLMembershipProvider.cs in line 110.
I tried to understand why so I googled and found that adding the machineKey element might work. So I went to this site http://www.developmentnow.com/articles/machinekey_generator.aspx and generated a ASP.NET 2.0 machineKey and copy pasted it into web.config's system.web element:
<machineKey
validationKey="A5E72C3BF96D34B9401278890361AA0949EAE806B124573AC3C1A8D77936B4E42BB1374D1DA443706C4E575B7F1234CB48F4CF52444CB4B1F343994752416569"
decryptionKey="47869B2D1F1D3EBC92FCC4C2D7B0EFB707535925E116AEF85F470E138A6C8CB5"
validation="SHA1" decryption="AES"
/>
I once again did the exact same thing as before; I go to localhost:10382/Account/Register and I create a user, I'm calling the user "test3" this time. Once the user is created I'm redirected to the Home page. I log off. Then I go to localhost:10382/Account/LogOn and type the username and password for the user "test3" and click on "Log On" button and BAM! the user is once again logged in!?
Why did I have to manually configure a machineKey with a generated validationKey and decryptionKey in web.config for the MyCustomMembershipProvider to be able to work with the login page? As far as I have seen there is not a single article / page / blog that talks about adding a machineKey element to your web.config for your custom membership provider to be able to work!
UPDATE 1: Adding hashAlgorithmType="SHA1" works as well:
<membership defaultProvider="MyCustomMembershipProvider" hashAlgorithmType="SHA1">
Funny thing though is that MSDN says SHA1 is the default!?
hashAlgorithmType Optional String attribute. Specifies the name of the encryption algorithm that is used to hash password values. The value of this attribute corresponds to the name attribute of a nameEntry element in the cryptoNameMapping configuration section. For information about specifying a custom hash algorithm, see Mapping Algorithm Names to Cryptography Classes. The default is SHA1.
UPDATE 2: After reading up on Microsoft latest technologies I decided to share some of the findings I discovered regarding their latest Mebership provider; SimpleMembership. I'm at the stage in my personal project where I've decided to drop the CustomMembershipProvider from the ASP.NET 2.0 days I built and use SimpleMembership provider instead. Why? Well you have all the info you'll ever want to know in the following blogpost by Jon Galloway. I'm also adding some more links to resources worth checking out. According to Microsoft SimpleMembership is the successor to ASP.NET 2.0 Membership.
http://weblogs.asp.net/jgalloway/archive/2012/08/29/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates.aspx
http://mvccentral.net/Story/Details/tools/kahanu/securityguard-nuget-package-for-asp-net-membership
http://blog.longle.net/2012/09/25/seeding-users-and-roles-with-mvc4-simplemembershipprovider-simpleroleprovider-ef5-codefirst-and-custom-user-properties/
http://blog.osbornm.com/archive/2010/07/21/using-simplemembership-with-asp.net-webpages.aspx
http://blogs.msdn.com/b/rickandy/archive/2012/08/15/initializesimplemembership-attribute-and-simplemembership-exceptions.aspx
来源:https://stackoverflow.com/questions/8965502/the-user-name-or-password-provided-is-incorrect-in-mvc-3-internet-application