Reputation: 643
SignInManager.PasswordSignInAsync always return Failure
After converting my application from .NET Framework 4.6 to .NET Core 2 I made the requested changes to the database to support the new identity model, namely a few fields added to AspNetUsers and new tables.
Logging works fine in .NET Core.
Now I need to go back to the .NET Framework 4.6 app and when I try to login, SignInManager.PasswordSignInAsync always returns Failure. I checked the queries using SQL Profiler and I cannot see any wrong query (no error in any of the queries run).
CREATE TABLE [dbo].[AspNetUsers](
[Id] [nvarchar](128) NOT NULL,
[UserKeyId] [bigint] NOT NULL,
[Email] [nvarchar](256) NULL,
[EmailConfirmed] [bit] NOT NULL,
[PasswordHash] [nvarchar](max) NULL,
[SecurityStamp] [nvarchar](max) NULL,
[PhoneNumber] [nvarchar](max) NULL,
[PhoneNumberConfirmed] [bit] NOT NULL,
[TwoFactorEnabled] [bit] NOT NULL,
[LockoutEndDateUtc] [datetime] NULL,
[LockoutEnabled] [bit] NOT NULL,
[AccessFailedCount] [int] NOT NULL,
[UserName] [nvarchar](256) NOT NULL,
[CreationDate] [datetimeoffset](7) NOT NULL DEFAULT ('1900-01-01T00:00:00.000'),
[FirstName] [nvarchar](max) NULL,
[LastName] [nvarchar](max) NULL,
[NormalizedEmail] [nvarchar](256) NULL,
[NormalizedUserName] [nvarchar](256) NULL,
[ConcurrencyStamp] [nvarchar](max) NULL,
[LockoutEnd] [datetimeoffset](7) NULL,
CONSTRAINT [PK_dbo.AspNetUsers] PRIMARY KEY CLUSTERED
(
[Id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
Where it fails (i.e. result = SignInStatus.Failure):
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: true);
In AspNetUsers table: Email = UserName
I don't think I need to rollback the changes made to the DB, so how can I find out the exact reason PasswordSignInAsync returns Failure?
Upvotes: 6
Views: 10404
Answers (3)
Reputation: 776
FYI, at some point, I could not login into one of the environments and then I removed [ValidateAntiForgeryToken] from Login post action and this issue started to happen. Only reregistering a user seems to work at this point.
Upvotes: 1
Reputation: 643
The problem was with the hash. With my old app in .NET Framework 4.6, it was using Identity 2.0. When I converted my app to .NET Core 2, I actually created a new project and migrated code file by file, so it used the much stronger Identity 3.0. As a not-so-nice feature, the hash is rewritten when you login, so the password hashes were rewritten with Identity 3.0, which my old app could not decode.
There is however an option that you can set .NET Core to prevent the use of Identity 3.0.
You just have to add this line in ConfigureServices in Startup.cs:
services.Configure<PasswordHasherOptions>(options =>
options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2
);
Upvotes: 11
Related Questions
- await SignInManager.PasswordSignInAsync() always results in a failure in my ASP.NET MVC project
- SignInManager.PasswordSignInAsync() succeeds, but User.Identity.IsAuthenticated is false
- Asp.NET Core 2 Authentication. SignInManager.PasswordSignInAsync() succeeds, but User.Identity.IsAuthenticated is false
- PasswordSignInAsync returns always failed
- Identity 3 SignInManager.PasswordSignInAsync() doesn't return any result
- ASP.NET MVC 5 Identity 2 PasswordSignInAsync method always returns false
- Getting error in _signInManager.PasswordSignInAsync method in .net core 3
- PasswordSignInAsync doesn't work correctly (Identity)
- User.Identity.IsAuthenticated is false although SignInManager.PasswordSignInAsync() succeeds
- Asp.Net Core PasswordSignInAsync always fails