RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't
Hi Katherine, I'll have to let someone else that uses that membership provider answer that one. I took one look at it when it was released and decided it wasn't for me. I felt like I was in a parallel universe. Everyone in the room was talking about how fast it was to build and I was looking at the methods, etc. and thinking didn't they ever read any of the framework design guidelines? Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: http://www.sqldownunder.com/ www.sqldownunder.com From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Katherine Moss Sent: Wednesday, 10 July 2013 11:07 PM To: ozDotNet Subject: RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't That's the funny thing; when I try and retrieve the passwords for either of these two accounts, instead of having email directed to the local server (I don't have SmarterMail configured yet), I get the we can't locate your account message from Sueetie, then when I go to retrieve the user name of the account, I was able to get a temporary email sent to the local server (only for my account, and not the default administrator account), so figuring that the temp password expired since it wasn't working when Forms authentication had accidentally gotten shut off, I attempted to make another temporary password via the forgot user name link on the page. It was then when my account got locked out. Never happened before, and as far as I can tell, the default administrator account is nonexistent now. But it is only these two accounts that are causing problems now; everyone elses works fine. So my solution to this problem is instead of futzing around trying to figure out why these aren't working, I could make my friend an administrator and allow her to delete them and then recreate them. (she's an admin anyway.) But my problem is how to query the ASP.net membership tables in the database in order to ensure that the change gets replicated from database to site. Correct me if I'm wrong, but this is the aspnet_roles table I'm looking to access, right? And if so, what is the statement I would use to make this change? (I'm very weak in Transact-SQL at the moment, but it's thanks to cool folks like you guys that I learn). Looks like flipping forms authentication on and off really shuddered this thing. Jees. From: ozdotnet-boun...@ozdotnet.com mailto:ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of GregAtGregLowDotCom Sent: Wednesday, July 10, 2013 12:03 AM To: ozdotnet@ozdotnet.com mailto:ozdotnet@ozdotnet.com Subject: RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't Hi Katherine, It's not saying that the account or the password are wrong. It's saying that the account is locked out. Is it set up to automatically unlock accounts after a period of time? Is there a flag in the database that holds the authentication details that says whether or not an account is locked? Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: http://www.sqldownunder.com/ www.sqldownunder.com From: ozdotnet-boun...@ozdotnet.com mailto:ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Katherine Moss Sent: Wednesday, 10 July 2013 1:57 PM To: ozdotnet@ozdotnet.com mailto:ozdotnet@ozdotnet.com Subject: Still trying to fix authentication on an ASP.net application: some accounts work and others don't Hi guys, This is driving me crazy. I'm trying to fix my web site and the authentication modules. I have since replaced the web.config file and some people are able to log into the site. I cannot log in either as the main administrator with a user name of admin, or as my secondary account, yet my friend's able to log in just fine. I get the following error message when trying to retrieve my user name since the site can no longer locate my account: Server Error in '/' Application. _ The user account has been locked out. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.Security.MembershipPasswordException: The user account has been locked out. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [MembershipPasswordException: The user account has been locked out.] System.Web.Security.SqlMembershipProvider.ResetPassword(String username, String passwordAnswer) +1840
Re: Still trying to fix authentication on an ASP.net application: some accounts work and others don't
Here's some DotLisp methods to extract locked-out details: ; This retrieves the list of users currently locked-out. (def (locked-out) (sqlselect username from aspnet_users u join aspnet_membership m on u.userid=m.userid where islockedout0 :connect *default-connect-string :returns 'col)) ; This unlocks a user. (def (unlock user) (sql(+ update m set islockedout=0 from aspnet_users u join aspnet_membership m on u.userid=m.userid where islockedout0 and username= (quote-string user)) :connect *default-connect-string :returns 'non-query)) ; This retrieves the password if you're using clear-text password storage. (def (get-password user) (sql(+ select password from aspnet_users u join aspnet_membership m on u.userid=m.userid where username= (quote-string user)) :connect *default-connect-string :returns 'val)) You can effectively ignore the DotLisp and see these as SQL queries. -- Regards, *Mark Hurd*, B.Sc.(Ma.)(Hons.) On 11 July 2013 13:23, Katherine Moss katherine.m...@gordon.edu wrote: Thanks. I’m also checking all of the stored procedures; I think there is one for at least every action on the site (there are 697 of them). I’ll go to the forums if I cannot find what I’m looking for, though I know that this is very easy. And I’m curious, if you don’t use ASP.net membership built into the framework, then what on earth do you use for membership in ASP.net applications? ** ** *From:* ozdotnet-boun...@ozdotnet.com [mailto: ozdotnet-boun...@ozdotnet.com] *On Behalf Of *GregAtGregLowDotCom *Sent:* Wednesday, July 10, 2013 8:31 PM *To:* ozDotNet *Subject:* RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't ** ** Hi Katherine, ** ** I’ll have to let someone else that uses that membership provider answer that one. I took one look at it when it was released and decided it wasn’t for me. I felt like I was in a parallel universe. Everyone in the room was talking about how fast it was to build and I was looking at the methods, etc. and thinking “didn’t they ever read any of the framework design guidelines?” ** ** Regards, ** ** Greg ** ** Dr Greg Low ** ** 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913fax SQL Down Under | Web: www.sqldownunder.com ** ** *From:* ozdotnet-boun...@ozdotnet.com [ mailto:ozdotnet-boun...@ozdotnet.com ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Katherine Moss *Sent:* Wednesday, 10 July 2013 11:07 PM *To:* ozDotNet *Subject:* RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't ** ** That’s the funny thing; when I try and retrieve the passwords for either of these two accounts, instead of having email directed to the local server (I don’t have SmarterMail configured yet), I get the “we can’t locate your account” message from Sueetie, then when I go to retrieve the user name of the account, I was able to get a temporary email sent to the local server (only for my account, and not the default administrator account), so figuring that the temp password expired since it wasn’t working when Forms authentication had accidentally gotten shut off, I attempted to make another temporary password via the forgot user name link on the page. It was then when my account got locked out. Never happened before, and as far as I can tell, the default administrator account is nonexistent now. But it is only these two accounts that are causing problems now; everyone elses works fine. So my solution to this problem is instead of futzing around trying to figure out why these aren’t working, I could make my friend an administrator and allow her to delete them and then recreate them. (she’s an admin anyway.) But my problem is how to query the ASP.net membership tables in the database in order to ensure that the change gets replicated from database to site. Correct me if I’m wrong, but this is the aspnet_roles table I’m looking to access, right? And if so, what is the statement I would use to make this change? (I’m very weak in Transact-SQL at the moment, but it’s thanks to cool folks like you guys that I learn). Looks like flipping forms authentication on and off really shuddered this thing. Jees. ** ** *From:* ozdotnet-boun...@ozdotnet.com [ mailto:ozdotnet-boun...@ozdotnet.com ozdotnet-boun...@ozdotnet.com] *On Behalf Of *GregAtGregLowDotCom *Sent:* Wednesday, July 10, 2013 12:03 AM *To:* ozdotnet@ozdotnet.com *Subject:* RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't ** ** Hi Katherine, ** ** It’s not saying that the account or the password are wrong. It’s saying that the account is locked out. Is it set up to automatically unlock accounts after a period of time? Is there a flag in the database that holds the authentication details that
RE: Still trying to fix authentication on an ASP.net application: some accounts work and others don't
Hi Katherine, It's not saying that the account or the password are wrong. It's saying that the account is locked out. Is it set up to automatically unlock accounts after a period of time? Is there a flag in the database that holds the authentication details that says whether or not an account is locked? Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: http://www.sqldownunder.com/ www.sqldownunder.com From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Katherine Moss Sent: Wednesday, 10 July 2013 1:57 PM To: ozdotnet@ozdotnet.com Subject: Still trying to fix authentication on an ASP.net application: some accounts work and others don't Hi guys, This is driving me crazy. I'm trying to fix my web site and the authentication modules. I have since replaced the web.config file and some people are able to log into the site. I cannot log in either as the main administrator with a user name of admin, or as my secondary account, yet my friend's able to log in just fine. I get the following error message when trying to retrieve my user name since the site can no longer locate my account: Server Error in '/' Application. _ The user account has been locked out. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.Security.MembershipPasswordException: The user account has been locked out. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [MembershipPasswordException: The user account has been locked out.] System.Web.Security.SqlMembershipProvider.ResetPassword(String username, String passwordAnswer) +1840 System.Web.Security.MembershipUser.ResetPassword(String passwordAnswer) +145 Sueetie.Web.ForgotUsernamePage.AddBody(MailMessage _msg, SueetieUser _user) +507 Sueetie.Web.ForgotUsernamePage.SendEmail_Click(Object sender, EventArgs e) +277 System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +154 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3707 _ Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272 I'm trying not to have to recreate the database, after all, how would one place a fresh database under the application if all of the application's data is in there? So, my idea was to raise my friend as an administrator via the database, but I don't know how to do that and have the site replicate the change on the side of ASP.net. and why are these particular accounts being locked out and not taking email addresses? Thanks.