continienzo
16 years ago
Hi all, it seems that with the last update of the yafMembershipProvider, users already existing in the forum can't log in.

This seems to be caused by a new system of encrypt/decrypt...

Anyone else got this problem?

Thanks.

Enzo

continienzo
16 years ago

I noticed that now in the membership provider an array of bytes is created in the following way:

byte[] saltBytes = Convert.FromBase64String(salt);

It is an array of length 16.

In revision 2279 (before the update) the same array was created as follows:

byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());

It is an array of length 26.

That causes the bad comparison of the encrypted password. Existing users can't log in with the new update.

Enzo

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
what web.config settings are you using?

FP:Mek

"It's a case of RTFM.. the only problem being we don't have a manual!"

When I post FP:Mek in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Ederon 🙂 )

continienzo
16 years ago

Mek wrote:

> what web.config settings are you using?
>
> FP:Mek

Hi Mek, here is what I have got in the web.config:


<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
    <providers>
        <clear/>
        <add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafMembershipProvider" requiresUniqueEmail="true" useSalt="true" type="YAF.Providers.Membership.YafMembershipProvider"/>
    </providers>
</membership>

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
You'll need to add some new values I've got documented on my development laptop. Couldn't put them on the wiki because the reset password facility isn't working.

I'll get them added this weekend for you to try.

Edit: or take a fresh look at the example web.configs for the new value settings.



continienzo
16 years ago

Mek wrote:

> You'll need to add some new values I've got documented on my development laptop. Couldn't put them on the wiki because the reset password facility isn't working.
>
> I'll get them added this weekend for you to try.
>
> Edit: or take a fresh look at the example web.configs for the new value settings.

Hi Mek, thank you for the reply. Can you post the example web.configs here or tell me where I can find them?

I'll be glad if you add them.

Enzo

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
The examples are in the webconfigs folder of your yaf install.

Still on my development laptop 😞 But I'll post back later if you're still stuck. Very interested to see if we resolve the problem that way.



continienzo
16 years ago

Mek wrote:

> The examples are in the webconfigs folder of your yaf install.
>
> Still on my development laptop 😞 But I'll post back later if you're still stuck. Very interested to see if we resolve the problem that way.

I'm sorry Mek, in the webconfigs folder the only one different from the others is the "dev-recommended-web.config":

<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">
    <providers>
        <clear/>
        <add connectionStringName="yafnet" applicationName="YetAnotherForum" name="YafMembershipProvider" requiresUniqueEmail="true" useSalt="true" passwordHex="false" type="YAF.Providers.Membership.YafMembershipProvider"/>
    </providers>
</membership>

The difference is passwordHex="false", but that doesn't solve the problem.

Like I said in the other post, I solved the problem by changing this line:

byte[] saltBytes = Convert.FromBase64String(salt);

into this:

byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
OK, I need to check the revision as there have been other changes, with other options.



Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
Update:


byte[] saltBytes = Convert.FromBase64String(salt);
is actually the correct code.


byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());

is actually incorrect. Which caused my confusion.

The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code.
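The difference between the two salt lines discussed in this thread, as an added C# example that is not part of the original posts or of YAF's code. The class and method names are hypothetical, and the `SHA1(salt || password)` scheme in `Hash` is an assumption made for illustration, not the provider's actual hashing routine.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SaltDerivationDemo
{
    // Derivation quoted in the thread as the pre-update (revision 2279) code.
    // byte[].ToString() returns the type name, not the decoded salt bytes.
    static byte[] OldSaltBytes(string salt) =>
        Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());

    // Derivation quoted in the thread as the correct code.
    static byte[] NewSaltBytes(string salt) =>
        Convert.FromBase64String(salt);

    // Assumed scheme for illustration only: SHA1 over salt bytes + UTF-16 password.
    static string Hash(byte[] saltBytes, string password)
    {
        byte[] pw = Encoding.Unicode.GetBytes(password);
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(saltBytes.Concat(pw).ToArray()));
    }

    // Constructed sample data: a random 16-byte salt, stored as Base64.
    static string NewStoredSalt()
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        return Convert.ToBase64String(raw);
    }

    static void Main()
    {
        string saltA = NewStoredSalt(), saltB = NewStoredSalt();
        const string password = "constructed-sample-password";

        byte[] oldA = OldSaltBytes(saltA), oldB = OldSaltBytes(saltB);
        Console.WriteLine($"old: {oldA.Length} bytes, text = \"{Encoding.Unicode.GetString(oldA)}\"");
        Console.WriteLine($"old salts identical across users: {oldA.SequenceEqual(oldB)}");
        Console.WriteLine($"old hashes identical for same password: {Hash(oldA, password) == Hash(oldB, password)}");

        byte[] newA = NewSaltBytes(saltA), newB = NewSaltBytes(saltB);
        Console.WriteLine($"new: {newA.Length} bytes");
        Console.WriteLine($"new salts identical across users: {newA.SequenceEqual(newB)}");
        Console.WriteLine($"new hashes identical for same password: {Hash(newA, password) == Hash(newB, password)}");

        // A hash stored under the old derivation does not verify under the new one,
        // which is the login failure reported in this thread.
        Console.WriteLine($"old hash verifies under new code: {Hash(oldA, password) == Hash(newA, password)}");
    }
}
```

Because the old derivation feeds the same 26 bytes into every hash, the per-user salt column had no effect on the stored value, so identical passwords produced identical hashes.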

ejcortes
  • ejcortes
  • 53.6% (Neutral)
  • YAF Forumling
16 years ago
With that said, then I gotta wait until the final version for the upgrade. Is it scheduled for release anytime soon?

By the way, I love your product... These forums rock! :-d

ejcortes
  • ejcortes
  • 53.6% (Neutral)
  • YAF Forumling
16 years ago

Mek wrote:

> Update:
>
> byte[] saltBytes = Convert.FromBase64String(salt);
> is actually the correct code.
>
> byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());
>
> is actually incorrect. Which caused my confusion.
>
> The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code.

Was this implemented in the new release? I seem to have the same problem...

Event viewer tells me this:



Event code: 4005 
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. 
Event time: 4/23/2009 1:05:05 PM 
Event time (UTC): 4/23/2009 5:05:05 PM 
Event ID: d244b48ecd4f40e398c212ec5e899451 
Event sequence: 95 
Event occurrence: 46 
Event detail code: 50201 
 
Application information: 
    Application domain: 3d7deb5-1-128849797066426385 
    Trust level: Full 
    Application Virtual Path: /2009.04.21 
    Application Path: C:\Users\eduardo\Documents\My Development Projects\Web or Intranet\_Experiments\YetAnotherForum\Code\2009.04.21\ 
    Machine name: EDDIEONWHEELZ 
 
Process information: 
    Process ID: 7492 
    Process name: WebDev.WebServer.EXE 
    Account name: NETPRESENCE\eduardo 
 
Request information: 
    Request URL: http://localhost:54696/2009.04.21/default.aspx?g=login&ReturnUrl=Forms authentication failed for the request. Reason: The ticket supplied was invalid.f2009.04.21Forms authentication failed for the request. Reason: The ticket supplied was invalid.fdefault.aspx4/23/2009 1:05:05 PMfg4/23/2009 1:05:05 PMdrecoverpassword 
    Request path: /2009.04.21/default.aspx 
    User host address: 127.0.0.1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NETPRESENCE\eduardo 
 
Name to authenticate:  
 
Custom event details: 

Mek
  • Mek
  • 100% (Exalted)
  • YAF Developer
16 years ago
You would only have the same issue if you've downloaded from the SVN before last night. Yes, this is fixed in the latest (final release). There are completely new webconfig options for the membership provider in 193 folder which you must include to get it to work (examples of these are located in the webconfigs folder).



fruitbatinshades
15 years ago
Yes I ran the setup wizard. I just minmerged the recommended-web.config into my web.config and they match apart from me changing to md5 (like in the original installation)