Try our conversational search powered by Generative AI!

AI OnAI Off

Membership.ValidateUser Epi 10.10.1 always returns false

robert mcdowell
robert mcdowell
Vote:
 

I'm using default member and role provider setttings and the ValidateUser method always returns false. The desired result is a simple custom login page using the logic below. All data, inluding username and password are being passed to the controller, as you would expect, but I always get a return value of false. I have attempted to switch the multiplex provider or simply the SQL provider, but they simply result in an error on post submission.

[System.Web.Mvc.HttpPost]

        [ValidateAntiForgeryToken]

        public ActionResult Post(LoginPage currentPage, [FromBody] LoginFormPostbackData LoginPostbackData)

        {

            var model = new LoginModel(currentPage);

            var isValid = Membership.ValidateUser(LoginPostbackData.Username, LoginPostbackData.Password);

            var isUser = Membership.GetUser(LoginPostbackData.Username);

            if (isValid)

            {

                var redirectUrl = GetRedirectUrl(LoginPostbackData.ReturnUrl);

                FormsAuthentication.SetAuthCookie(LoginPostbackData.Username, LoginPostbackData.RememberMe);

                return Redirect(redirectUrl); //Important to redirect after login to be sure cookies etc are set.

            } else

            {

                MembershipUser user = Membership.GetUser(LoginPostbackData.Username);

                if (user != null)

                {

                    //User exists

                    if (!user.IsApproved)

                    {

                        //Account Unapproved

                        model.Message = "Your account is not approved.";

                    }

                    else if (user.IsLockedOut)

                    {

                        //Account Locked

                        model.Message = "Your account is locked.";

                    }

                    else

                    {

                        //Invalid username or password

                        model.Message = "Invalid username or password.";

                    }

                }

                else

                {

                    //Invalid username or password

                    model.Message = "Invalid username or password.";

                }

            }

            //model.Message = "Wrong credentials, try again " + isValid + " " + isUser + " " + Membership.Provider.Name + " " + LoginPostbackData.Username;

            return View("Index", model);

        }

Current web.config provider settings:

<>membership defaultProvider="WindowsMembershipProvider" userIsOnlineTimeWindow="10">

      <>providers>

        <>clear />

        <>add name="MultiplexingMembershipProvider" type="EPiServer.Security.MultiplexingMembershipProvider, EPiServer" provider1="SqlServerMembershipProvider" provider2="WindowsMembershipProvider" />

        <>add name="WindowsMembershipProvider" type="EPiServer.Security.WindowsMembershipProvider, EPiServer" deletePrefix="BUILTIN\" />

        <>add name="SqlServerMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web,                 Version=4.0.0.0, Culture=neutral,               PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="EPiServerDB" requiresQuestionAndAnswer="false" applicationName="EPiServerSample" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

      providers>

    membership>

    <>roleManager enabled="true" defaultProvider="WindowsRoleProvider">

      <>providers>

        <>clear />

        <>add name="MultiplexingRoleProvider" type="EPiServer.Security.MultiplexingRoleProvider, EPiServer" provider1="SqlServerRoleProvider" provider2="WindowsRoleProvider" providerMap1="SqlServermembershipProvider" providerMap2="WindowsMembershipProvider" />

        <>add name="WindowsRoleProvider" applicationName="EPiServerSample" type="EPiServer.Security.WindowsRoleProvider, EPiServer" />

        <>add name="SqlServerRoleProvider" connectionStringName="EPiServerDB" applicationName="EPiServerSample" type="System.Web.Security.SqlRoleProvider, System.Web,                Version=4.0.0.0, Culture=neutral,                PublicKeyToken=b03f5f7f11d50a3a" />

      providers>

    roleManager>

Authentication method forms has been configured:

<>authentication mode="Forms">

What am I missing?

#184982
Nov 07, 2017 19:21
Minesh Shah (Netcel)
Minesh Shah (Netcel)
Vote:
 

I assumend in 10.10 onwards the Membership functionality is provided via ASP_Identity so would guess you would need to use the following 

var userProvider = ServiceLocator.Current.GetInstance<UIUserProvider>();

var user = userProvider.GetUser(userName);
#184999
Nov 08, 2017 11:30
robert mcdowell
robert mcdowell
Vote:
 

Yep. That did it. 

Any idea how I can change the default redirect location from the home page to a user assigned one? On successful signin it automatically redirects to the home page within the signin method preventing any other redirection action.

#185118
Nov 09, 2017 21:15
Rejaie
Rejaie
Vote:
 

Looks like you're using the Membership classes which look at the <forms /> node in the web.config. You can set a default redirect URL by specifying the defaultUrl attribute on the <forms /> node. If you want a redirect URL based on Role/User, you probably will need to roll out your implementation of this - I'm not sure if there's an "OOTB" way of handling this requirement.

#185301
Nov 14, 2017 23:00
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.