Sina Riani

Reputation: 345

Admin users will be invalid in ASP.NET Membership after a while

Our website uses the Membership provider and has an admin panel that a number of users have access to. The problem is that admin users can't log in after a while, and when I debug the login code, the "Membership.ValidateUser(username, password)" method returns false. I can't find the reason; I also checked the difference between valid and invalid users and couldn't find anything. It should be noted that when I comment out the ValidateUser method, the user can log in. How can I solve this problem?

Thanks.

Login code:

protected void btnSignIn_Click(object sender, EventArgs e)
{
    if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
    {
        var member = Membership.GetUser(txtEmail.Text);
        if (member.IsLockedOut)
        {
            if (DateTime.Now.Subtract(member.LastLockoutDate).TotalMinutes > 10)
            {
                member.UnlockUser();
            }
            else
            {
                (Page as BasePage).Alert("Your account due to entering the wrong credentials more than 5 times, has been blocked, please right after 10 minutes to re-enter your user information.");
                return;
            }
        }

        if (Request.QueryString["ReturnUrl"] != null)
        {
            FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
        }
        else
        {
            if (Roles.IsUserInRole(txtEmail.Text, SiteUtility.SiteRoles.admin.ToString()) || Roles.IsUserInRole(txtEmail.Text, SiteUtility.SiteRoles.adminl2.ToString()))
            {
                FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
                Response.Redirect("/admin/");
            }
        }
    }
    else
    {
        if (Page is BasePage)
        {
            (Page as BasePage).Alert("Username or password is incorrect.");
        }
        else
        {
            Page.ClientScript.RegisterStartupScript(typeof(Page), "alterror", "alert('Username or password is incorrect.');", true);
        }
    }
}

Membership provider config in web.config

<membership userIsOnlineTimeWindow="10" hashAlgorithmType="SHA1">
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" passwordFormat="Hashed" connectionStringName="CSConnectionString" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="2" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="ApplicationKaspid"/>
  </providers>
</membership>

Upvotes: 2

Views: 558

Answers (1)

Mert Cingoz

Reputation: 762

Membership.Validate returns false for locked users.
After 5 invalid password attempts, members are locked out, and you need to unlock them before validating.

protected void btnSignIn_Click(object sender, EventArgs e)
{
    var member = Membership.GetUser(txtEmail.Text);
    if (member != null)
    {
        if (member.IsLockedOut)
        {
            if (DateTime.Now.Subtract(member.LastLockoutDate).TotalMinutes > 10)
            {
                member.UnlockUser();
            }
            else
            {
                (Page as BasePage).Alert("Your account due to entering the wrong credentials more than 5 times, has been blocked, please right after 10 minutes to re-enter your user information.");
                return;
            }
        }
    }

    if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
    {
        if (Request.QueryString["ReturnUrl"] != null)
        {
            FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
        }
        else
        {
            if (Roles.IsUserInRole(txtEmail.Text, SiteUtility.SiteRoles.admin.ToString()) || Roles.IsUserInRole(txtEmail.Text, SiteUtility.SiteRoles.adminl2.ToString()))
            {
                FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
                Response.Redirect("/admin/");
            }
        }
    }
    else
    {
        if (Page is BasePage)
        {
            (Page as BasePage).Alert("Username or password is incorrect.");
        }
        else
        {
            Page.ClientScript.RegisterStartupScript(typeof(Page), "alterror", "alert('Username or password is incorrect.');", true);
        }
    }
}

Upvotes: 1
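
The unlock-before-validate order from the answer, as an added example that is not code from the question or the answer, written as a helper for a project that references System.Web. The names `LockoutAwareSignIn` and `SignInResult` are hypothetical, and the 10-minute `LockoutDuration` is an assumption taken from the answer's code.

```csharp
using System;
using System.Web.Security;

// Hypothetical result type: lets the caller log lockouts separately
// while still choosing what message to show the visitor.
public enum SignInResult { Success, LockedOut, InvalidCredentials }

public static class LockoutAwareSignIn
{
    // Assumption: a lockout lasts 10 minutes, the value used in the answer.
    private static readonly TimeSpan LockoutDuration = TimeSpan.FromMinutes(10);

    public static SignInResult TrySignIn(string userName, string password)
    {
        // userIsOnline: false, so a failed attempt does not touch LastActivityDate.
        MembershipUser user = Membership.GetUser(userName, false);

        if (user != null && user.IsLockedOut)
        {
            // Compare in UTC so a daylight-saving shift cannot lengthen
            // or shorten the lockout by an hour.
            TimeSpan lockedFor =
                DateTime.UtcNow - user.LastLockoutDate.ToUniversalTime();

            // Still inside the lockout window, or the provider refused
            // to unlock: stop here without testing the password.
            if (lockedFor < LockoutDuration || !user.UnlockUser())
                return SignInResult.LockedOut;
        }

        // ValidateUser returns false for a locked-out account even when
        // the password is correct, so it must run after the unlock check.
        return Membership.ValidateUser(userName, password)
            ? SignInResult.Success
            : SignInResult.InvalidCredentials;
    }
}
```

In `btnSignIn_Click`, call `LockoutAwareSignIn.TrySignIn(txtEmail.Text, txtPassword.Text)` and issue the forms-authentication cookie only on `SignInResult.Success`.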
