I created a new solution for a web application based on MVC4 with ASP.NET and the Razor engine. The project uses the template that has membership. For the moment I am not using external logins due to other requirements.
However, I want to make use of the usual membership where the user creates an account on the site. Never had problems with it. I see the whole Accounts controller and its pages deployed on my application. The solution was originally created with VS.2010 so it has Simple Membership not the new ASP.NET Identity but is now using VS.2013 but I have not migrated it to Identity.
I also used the .NET 4.0 aspnet_regsql.exe application to populate the SQL Server 2012 database with the membership schema.
Then I created a special "install" view where the default accounts and roles are created on this membership database. The creation went without events and I can see the users, roles and their associations in the membership database. I also took care of setting the IsApproved flag to true prior to updating the user, and that also shows on the Membership table.
However, when I try to login to the site (Account Controller) with ANY of the logins I created with the install view, for all of them I get an error message indicating "Invalid username or password".
I placed a breakpoint on the Account Controller Login() method:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl) {
if (ModelState.IsValid) {
var user = await UserManager.FindAsync(model.UserName, model.Password); // <-
if (user != null) { somthing with redirect }
else { ModelSTate.AddModelError(....); }
}
return View(model);
}
So the breakpoint occurs after every login attempt, I can see the Model State is VALID but the following line (await UserManager.FindAsync) always returns NULL even though the user accounts DO exist.
So what am I missing here? why is it failing to retrieve the user data from the database?
My web.config has this:
<connectionStrings>
<add name="DefaultConnection"
connectionString="Server=.\SQLEXPRESS;Database=MyDatabase;uid=myuser;password=mypw;Application Name=MyWeb;"
providerName="System.Data.SqlClient" />
</connectionStrings>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
<membership>
<providers>
<clear />
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="DefaultConnection"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordFormat="Hashed"
applicationName="/myWeb" />
</providers>
</membership>
<profile enabled="true" defaultProvider="AspNetSqlProfileProvider">
<providers>
<clear />
<add name="AspNetSqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="DefaultConnection"
applicationName="/myWeb" />
</providers>
</profile>
<roleManager enabled="true">
<providers>
<clear />
<add name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider"
connectionStringName="DefaultConnection"
applicationName="/myWeb" />
</providers>
</roleManager>
Don't see anything wrong with it. Now, Microsoft had the wonderful idea of removing the Asp.Net Web Configuration tool from Visual Studio 2013 (making ppl less productive) but using the workaround that makes use of IIS Express and the URL I do get the page of Membership configuration but it says it could not connect to the database. However, I use the exact same credentials to administer the database schema using SQL Server Management Studio 2012.
I don't get it... I read some things about "migration to identity" but it is not very clear. Should I use a different membership schema on the database?
OK, there are several membership systems from Microsoft, from old to new: ASP.NET Membership, Simple Membership. ASP.NET Identivy v1 and v2. That can get pretty confusing, especially when on internet there are countless articles describing them even from their Alpha phases, sometimes as if it was the "latest".
Rather than wasting time on it, it turned out Simple Membership is likely to be phased out in favour of Identity 2.0. So, now that my project was migrated to VS.2013 UPD 2 I took the plunge and proceeded to migrate the application to use ASP.NET Identity 2.0 by comparing with a newly created template solution from VS.2013 UPD2.
Basically the connection string needs a lot of changes for it to work with Identity (no wonder I was not even getting a connection). Many changes on the Account Controller as well.
So now it works.