October 28, 2006
@ 09:59 PM
Comments [0]
ASP.NET 2.0 Membership Login Problem

I recently had an issue with an application that uses the ASP.NET 2.0 Membership API and the standard Login control.

Basically, seemingly for no reason I could determine, all Login attempts failed with ubiquitous error “Your login attempt was unsuccessful.”.

I checked all the membership provider settings in web.config, checked the database, all the standard things. Everything was fine. After a lot of digging, even rebuilding from scratch the database tables involved, I still could not resolve the issue.

The “Lost Password’ functionality worked, it happily asked you for the answer to your secret question and e-mailed the retrieved password as it should. This told me that the infrastructure and providers were all functioning.

I added the following code to the LoginError handler in an attempt to diagnose what was happening:

    5 Protected Sub Login1_LoginError(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoginError

    6         'See if this user exists in the database

    7         Dim userInfo As MembershipUser = Membership.GetUser(Login1.UserName)

    8 

    9         If userInfo Is Nothing Then

   10             'The user entered an invalid username...

   11             LoginErrorDetails.Text = "There is no user in the database with the username " & Login1.UserName

   12         Else

   13             'See if the user is locked out or not approved

   14             If Not userInfo.IsApproved Then

   15                 LoginErrorDetails.Text = "Your account has not yet been approved by the site's administrators. Please try again later..."

   16             ElseIf userInfo.IsLockedOut Then

   17                 LoginErrorDetails.Text = "Your account has been locked out because of a maximum number of incorrect login attempts. You will NOT be able to login until you contact a site administrator and have your account unlocked."

   18             Else

   19                 'The password was incorrect (don't show anything, the Login control already describes the problem)

   20                 LoginErrorDetails.Text = String.Empty

   21             End If

   22         End If

   23 

   24     End Sub

 

The code was falling into the last else, which would indicate that the password was incorrect. Which I was very sure was not the case! I created a simple two page application from scratch, hooked it up to the same database and dropped a login control on it. And it worked! So why was my application not working?

 

Well, I stumbled on this thread on the ASP.NET Forums, the reply posted by “mandert” turned out to be the answer. There was an “empty” Login1_Authenticate event handler in the code. Apparently this prevents the internal authenticate event for the login control from firing! If you ask me this is a bug, but then again maybe not. Anyway, check your code for empty events associated with the authentication controls. Delete them, it will solve a number of issues and save you lots of hair!

 

Cheers,

 

Robert Porter


 
Categories: .NET | ASP.NET | Programming | Visual Studio
Tracked by:
"And some else, come here..." (FlasheR!) [Trackback]

« Good, Fast, Cheap... pick any two! | Home | Trinug Meeting - Special Event »