Last post Apr 11, 2016 12:53 PM by march11
Apr 06, 2016 06:43 PM|Ghustis|LINK
I have a small website Using SQL Server Membership. I'm using VS2012 as my development IDE and SQL Server express 2012. I've deployed the site to a GODaddy server.
In my development system, attached to the local SQL Server, I can login as expected. I can point my connection string credentials to the GODaddy server Database and still using my development system (debug mode off) I can login as expected. But when I open
a browser window (IE11 or Chrome) and navigate to the site I can not login. I get the standard "Your Login attempt was not successful. Please try again". So what gives? Is there some IIS setting that I need to consider that I am not?
Also I have other pages that load data from the database and that data displays properly and on one page the user gets to interact with displayed data that requires further calls to the DB to display more data. So I know that the connection to the GODaddy
DB works. But it does not work when trying to log on.
So any help would be appreciated.
Apr 06, 2016 07:57 PM|march11|LINK
You'll nee to call GoDaddy tech support they should be able to easily point you to the right direction. When you connect from a site hosted on their service the connection string is different than the one you would use from your DEV PC.
It actually an easy fix and they have a ton of help docs on their site I just have a link right here but try and google something like
GoDaddy SQL database connection with ASP Membership
Apr 07, 2016 07:29 AM|Candice Zhou|LINK
I think you should make sure the application name is matching between local server and GODaddy.
You could refer to the following links:
Apr 07, 2016 11:48 PM|Ghustis|LINK
Thanks for the help, while those sites were quite detailed in getting a connection on a GoDaddy server using Membership, they were not able to solve my problem. The bulk of the posts I found relate to issues using MySQL as the DB. I am Using the full blown
version of SQL SERVER on the GoDaddy site. There were some interesting points made and I incorporated those into my project in an effort to maintain a standard. The 2 things that I did change were making the Connection String name to be LocalSQLServer and
the application name to "/". I had them both being a custom name relevant to the site I created. But in the long run this did not change or alter the symptoms of the problem I am having. The only other aspect that is different is that all posts that referred
to data security referred to hashing the password, and other data. My site is not hashing but encrypting
The Membership database also is in sync with this option so that is consistent.
In this process I have more narrowly defined the problem, so here it is. A user account can be created through the site and that user can log on, which is good. However the only way I know of to create a Administrative account is to use the Web Site Administration
Tool provided by Visual Studio 2012. So when I create this Account it cannot log onto the site through an independent browser. But I can log onto the GoDaddy DB from my development machine running the site in Debug mode from the IDE. And the user created through
the independent browsers cannot logon in Debug mode. So in short the account created by one method cannot log on through the other.
I suspect that it has something to do with configuration so here is my whole web.config file with private info removed. Any help would be most appreciated.
<?xml version="1.0" encoding="utf-8"?>
For more information on how to configure your ASP.NET application, please visit
<add name="LocalSQLServer" connectionString="data source=SERVERIPADDRESS;Initial Catalog=MYDB; User Id=MYUSERID;Password=MYDBPW;User Instance=false;Connect Timeout = 30" providerName="System.Data.SqlClient" />
<!--USE FOR LIVE SYSTEM-->
<add name="ParPointsEntities" connectionString="metadata=res://*/App_Code.Parpoints.csdl|res://*/App_Code.Parpoints.ssdl|res://*/App_Code.Parpoints.msl;provider=System.Data.SqlClient;provider connection string="data source=SERVERIPADDRESS;initial catalog=MYDB;User Id=MYUSERID;Password=MYDBPW;connect timeout=30;MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
<roleManager enabled="true" />
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
<add assembly="System.Security, Version=220.127.116.11, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Data.Entity, Version=18.104.22.168, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add assembly="System.Data.Entity.Design, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add assembly="System.Data.Services.Client, Version=126.96.36.199, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
<customErrors mode="Off" />
<forms name="MYcookie" loginUrl="~/Login.aspx" protection="All" timeout="30" path="/" />
<!--USE FOR LIVE SYSTEM-->
<add name="AspNetSqlMembershipProvider" requiresQuestionAndAnswer="true" connectionStringName="LocalSQLServer" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" enablePasswordRetrieval="true" enablePasswordReset="true" requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" type="System.Web.Security.SQLMembershipProvider" applicationName="/" />
<machineKey validationKey="24152D0A16F73A4B99E5FAB34323F8AC86E183F7F66A029D512613A9B2F5CC770BC869256FB5FBCF4DDD138F488446997EE1F91D991C34F067239F53F7823E60,IsolateApps" decryptionKey="DBE07523995A6E8EECAC02D40B6B5D4045BB49AF32DBB4AA,IsolateApps" validation="SHA1" />
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
Apr 08, 2016 12:48 PM|march11|LINK
So made some headway. Great. But first, I think the default password mode for ASP Membership is hashed. You should keep that. You will need to code a password recovery though so that users can reset it.
Secondly, have you activated Roles in the ASP Membership? IF so you should be certain that provide your new admin the correct Role access to the production log on process.
I found a tool a few years ago that was spectacular for viewing Membership accounts and managing them from like an admin access level of a web site I'll try to find the link and add it below.
I highly recommend that you download this and incorporate in your site. I believe he allows licensing as long as you leave his name in the comments. Plz read his licensing info.
and finally, its not real clear about where you are creating accounts and storing them. It almost sounds like one system is creating the user accounts in ASP Membership and the other is storing them in SQL or its a SQL user account you are creating.
One thing I would recommend is working on web.config files separately, create one for your server and one for your dev machine, and be certain you never copy them back or forth. They will be significantly different like when/or if you add an SSL Cert.
Go Daddy has a cheesy editor for working on the remote config file, but its safer then accidentally copying your dev version over the production copy.
Apr 09, 2016 04:13 PM|Ghustis|LINK
Well I guess I've found an alternative method, though not an answer. Making the password Hashed I'm able to use the VS Web Site Admin Tool to create an Administrative User that will log on from an independent browser as well as from my development machine.
However using the Hashed option takes away a feature that encryption allows. That is the password retrieval option. Encryption allows a user to answer the security question and then get the password displayed back to them without waiting for an email so that
they can reset it. I know this is lower security but the site holds no private or secure information. By using Hashed a person forgetting their password must wait for the responding email to reset their password and by then they've lost interest and aren't
logging in at all and going someplace else.
I looked at the custom WSAT that you pointed me too and played with it for a while. While the write up explains some very useful features, It would take some rewriting to be useful. First it does not take advantage of the "code behind" practice of separating
ASP code form C# code. But the big thing is that it appears to require an administrative account to already be loaded in the DB to be useful, whereas the VS version supersedes this.
So my initial problem still exists and I'll continue to look for its resolution (if there is one). I guess I will start a new thread asking this question "What are the Best Practices in launching a new web site using Membership, and setting the initial Administrative
Apr 11, 2016 12:53 PM|march11|LINK
You have to create a reset password when using hashed passwords. Similar to a forgot password, kind of works better from a security standpoint since it forces the user to create a new one.
I understand the issue though, if they may flee. Here is a thought, what about granting them a temporary password? Make them authenticate against other info, email, phone, acct number, etc, then force them to change it again once they get past this.
Regarding encrypted access, I have not heard of anything specific to your issue. But you might want to check the security settings like in your web config and see if there is anything requiring hashed, that needs to be changed to encrypted to allow access.
The database also might be expecting hashed and when it sees an encrypted password denies access.
Just some thoughts.
FYI, I converted Dan's code to VB and code behind pages in just a few hours. It really wasn't hard. If you are already C# site it should be easier.
You might consider checking/searching on the database column types, and GoDaddy allowing each as you suggested