when make login using simple membership it not logged in success although I use same user name and password?

ahmedsalah

Active member
Joined
Sep 26, 2018
Messages
32
Programming Experience
3-5
I work on Web API c# web app . I face issue I can't login success although I have same username and password .

when make break point on websecurity.login then trace it jump to ModelState.AddModelError

so are there are any settings remaining or some configuration not done .

not login success athough user name and password exist:
  public JsonResult Login(LoginModel model, string returnUrl)
         {
             if (WebSecurity.Login(model.UserName, model.Password, model.RememberMe))
             {
               
             }
   
             ModelState.AddModelError("", "error");
             return Json(new { Ok = false, Message = main.LoginError, status = "activated" });
         }
I have same user name and password that exist on table webpages_Membership

but not logged in success .

so what I do to solve issue please .

I use username sa on userprofiles table and password on YWhtZWRzYTEyMw== on webpages_Membership with same user id
 

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
6,561
Location
Chesapeake, VA
Programming Experience
10+
That password you are showing there looks to be the salted and hashed password base64 encoded and stored in a database. I suspect that you need to enter the appropriate password in the UI, and the framework will take care of doing the salting and hashing of the entered password and comparing it with a decoded salted and hashed version from the database.

I'm just speculating, though because I've never had to use any of the ASP.NET MVC authn/authz stuff beyond the Windows Integrated authn/authz.
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
4,880
Location
Sydney, Australia
Programming Experience
10+
It sounds like you are using ASP.NET Membership, which is quite outdated now and was effectively replaced by ASP.NET Identity some years ago. Still, Membership will still work as it was intended, even if Identity provides more and better functionality.

@Skydiver is quite correct that the password you quote would be the salted and hashed base-64 text value generated after processing the actual password provided by the user when they registered. The idea is that the user logs in using that same password, you pass that to the appropriate Membership method and it will then do the comparison internally. It will get the value from the database, convert it to binary data, get the salt, hash the data you provided with that salt and then compare the result to the value from the database. If they match then the user is authorised. If you don't know what that original password was then there's no way for you to log in as that user. In that case, Membership also provides functionality to reset a password, so you could use that.

We use Identity in our apps and what I do during development and testing sometimes is create a new user record with a password I know and then copy the value generated in the database for that into another existing user record, so I can then use the same password to log in as that user. You should be able to do the same with Membership.
 
Top Bottom