Reset Password · YAF.NET Support Forum

Welcome Guest! To enable all features please Login or Register

Posted by: continienzo - Thursday, 26 March 2009 07:26:54
Hi all, it seems that with the last update of the yafMembershipProvider userm already existing in forum can't log in. This seems to be caused of a new system of encrypt/decrypt... any one else got this problem? Thanks. Enzo

Posted by: continienzo - Friday, 27 March 2009 00:18:44
I noticed that now in the membership provider it is created an array of bytes in the following mode: [b]byte[] saltBytes = Convert.FromBase64String(salt);[/b] It is an array of lenght 16 In the revision 2279 (before the update) it was created the same array as following: [b]byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());[/b] It is an array of lenght 26 That cause the bad comparision of the encrypted password. Existing users can't log in with the new update. Enzo

Posted by: continienzo - Friday, 27 March 2009 00:18:44

I noticed that now in the membership provider it is created an array of bytes in the following mode: [b]byte[] saltBytes = Convert.FromBase64String(salt);[/b] It is an array of lenght 16 In the revision 2279 (before the update) it was created the same array as following: [b]byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());[/b] It is an array of lenght 26 That cause the bad comparision of the encrypted password. Existing users can't log in with the new update. Enzo

Posted by: Mek - Friday, 27 March 2009 02:12:12
what web.config settings are you using? FP:Mek

Posted by: continienzo - Friday, 27 March 2009 07:00:31
[quote=Mek]what web.config settings are you using? FP:Mek [/quote] Hi Mek, here is what i have got in the web.config: [code] [/code]

Posted by: Mek - Friday, 27 March 2009 08:51:46
You'll need to add some new values I've got documented on my development laptop. Couldn't put them on the wiki because the reset password facility isn't working. I'll get them added this weekend for you to try. Edit: or take a fresh look at the example web.configs for the new value settings.

Posted by: continienzo - Saturday, 28 March 2009 04:31:38
[quote=Mek]You'll need to add some new values I've got documented on my development laptop. Couldn't put them on the wiki because the reset password facility isn't working. I'll get them added this weekend for you to try. Edit: or take a fresh look at the example web.configs for the new value settings. [/quote] Hi Mek, thanks you for the reply. Can you post here the example web.configs or say me where i can find it? I'll be glad if you will be add them. Enzo

Posted by: continienzo - Saturday, 28 March 2009 04:31:38

[quote=Mek]You'll need to add some new values I've got documented on my development laptop. Couldn't put them on the wiki because the reset password facility isn't working. I'll get them added this weekend for you to try. Edit: or take a fresh look at the example web.configs for the new value settings. [/quote] Hi Mek, thanks you for the reply. Can you post here the example web.configs or say me where i can find it? I'll be glad if you will be add them. Enzo

Posted by: Mek - Sunday, 29 March 2009 01:46:08
The examples are in the webconfigs folder of your yaf install. Still on my development laptop :-( But I'll post back later if your still stuck. Very interested to see if we resolve the problem that way.

Posted by: continienzo - Sunday, 29 March 2009 12:21:03
[quote=Mek]The examples are in the webconfigs folder of your yaf install. Still on my development laptop :-( But I'll post back later if your still stuck. Very interested to see if we resolve the problem that way. [/quote] I'm sorry Mek, in the wbconfigs folder the only one different form the other is the "dev-recommended-web.config" [code] [/code] The difference is [b]passwordHex="false"[/b], but that doesn't solve the problem. Like i said in the other post i solved the problem changing this line: [code]byte[] saltBytes = Convert.FromBase64String(salt);[/code] in this: [code]byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());[/code]

Posted by: continienzo - Sunday, 29 March 2009 12:21:03

[quote=Mek]The examples are in the webconfigs folder of your yaf install. Still on my development laptop :-( But I'll post back later if your still stuck. Very interested to see if we resolve the problem that way. [/quote] I'm sorry Mek, in the wbconfigs folder the only one different form the other is the "dev-recommended-web.config" [code] [/code] The difference is [b]passwordHex="false"[/b], but that doesn't solve the problem. Like i said in the other post i solved the problem changing this line: [code]byte[] saltBytes = Convert.FromBase64String(salt);[/code] in this: [code]byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString());[/code]

Posted by: Mek - Sunday, 29 March 2009 23:40:21
ok i need to check the revision as there has been other changes, with other options.

Posted by: Mek - Thursday, 16 April 2009 01:02:12
Update: [code] byte[] saltBytes = Convert.FromBase64String(salt); [/code] is actually the correct code. [code] byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString()); [/code] is actually incorrect. Which caused my confusion. The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code.

Posted by: Mek - Thursday, 16 April 2009 01:02:12

Update: [code] byte[] saltBytes = Convert.FromBase64String(salt); [/code] is actually the correct code. [code] byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString()); [/code] is actually incorrect. Which caused my confusion. The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code.

Posted by: ejcortes - Thursday, 23 April 2009 04:33:01
With that said, then I gotta wait until the final version for the upgrade. Is it scheduled for release anytime soon? By the way, I love your product... These forums rock! :-d

Posted by: ejcortes - Thursday, 23 April 2009 09:10:03
[quote=Mek]Update: [code] byte[] saltBytes = Convert.FromBase64String(salt); [/code] is actually the correct code. [code] byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString()); [/code] is actually incorrect. Which caused my confusion. The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code. [/quote] Was this implemented in the new release? I seem to have the same problem... Event viewer tells me this: [code] Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. Event time: 4/23/2009 1:05:05 PM Event time (UTC): 4/23/2009 5:05:05 PM Event ID: d244b48ecd4f40e398c212ec5e899451 Event sequence: 95 Event occurrence: 46 Event detail code: 50201 Application information: Application domain: 3d7deb5-1-128849797066426385 Trust level: Full Application Virtual Path: /2009.04.21 Application Path: C:\Users\eduardo\Documents\My Development Projects\Web or Intranet\_Experiments\YetAnotherForum\Code\2009.04.21\ Machine name: EDDIEONWHEELZ Process information: Process ID: 7492 Process name: WebDev.WebServer.EXE Account name: NETPRESENCE\eduardo Request information: Request URL: http://localhost:54696/2009.04.21/default.aspx?g=login&ReturnUrl=Forms authentication failed for the request. Reason: The ticket supplied was invalid.f2009.04.21Forms authentication failed for the request. Reason: The ticket supplied was invalid.fdefault.aspx4/23/2009 1:05:05 PMfg4/23/2009 1:05:05 PMdrecoverpassword Request path: /2009.04.21/default.aspx User host address: 127.0.0.1 User: Is authenticated: False Authentication Type: Thread account name: NETPRESENCE\eduardo Name to authenticate: Custom event details: [/code]

Posted by: ejcortes - Thursday, 23 April 2009 09:10:03

[quote=Mek]Update: [code] byte[] saltBytes = Convert.FromBase64String(salt); [/code] is actually the correct code. [code] byte[] saltBytes = Encoding.Unicode.GetBytes(Convert.FromBase64String(salt).ToString()); [/code] is actually incorrect. Which caused my confusion. The incorrect code will in fact produce the same salt every time. To combat this I've provided an upgrade routine in 1.93 final which will set the SALT on existing passwords in 1.93 RC2 to this default salt, thus allowing you to log in with the new code. [/quote] Was this implemented in the new release? I seem to have the same problem... Event viewer tells me this: [code] Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. Event time: 4/23/2009 1:05:05 PM Event time (UTC): 4/23/2009 5:05:05 PM Event ID: d244b48ecd4f40e398c212ec5e899451 Event sequence: 95 Event occurrence: 46 Event detail code: 50201 Application information: Application domain: 3d7deb5-1-128849797066426385 Trust level: Full Application Virtual Path: /2009.04.21 Application Path: C:\Users\eduardo\Documents\My Development Projects\Web or Intranet\_Experiments\YetAnotherForum\Code\2009.04.21\ Machine name: EDDIEONWHEELZ Process information: Process ID: 7492 Process name: WebDev.WebServer.EXE Account name: NETPRESENCE\eduardo Request information: Request URL: http://localhost:54696/2009.04.21/default.aspx?g=login&ReturnUrl=Forms authentication failed for the request. Reason: The ticket supplied was invalid.f2009.04.21Forms authentication failed for the request. Reason: The ticket supplied was invalid.fdefault.aspx4/23/2009 1:05:05 PMfg4/23/2009 1:05:05 PMdrecoverpassword Request path: /2009.04.21/default.aspx User host address: 127.0.0.1 User: Is authenticated: False Authentication Type: Thread account name: NETPRESENCE\eduardo Name to authenticate: Custom event details: [/code]

Posted by: Mek - Thursday, 23 April 2009 11:41:27
You would only have the same issue if you've downloaded from the SVN before last night. Yes this is fixed in the latest (final release). There are completely new webconfig options for the membership provider in 193 folder which yuo must include to get it to work (examples of these are located in the webconfigs folder).

Posted by: fruitbatinshades - Wednesday, 29 April 2009 07:19:35
Yes I ran the setup wizard. I just minmerged the recommended-web.config into my web.config and they match apart from me changing to md5 (like in the original installation)

Important Information: