locked
Can not Logon to a Deployed Website RRS feed

  • Question

  • User-789916156 posted

    I have a small website Using SQL Server Membership. I'm using VS2012 as my development IDE and SQL Server express 2012. I've deployed the site to a GODaddy server.

    In my development system, attached to the local SQL Server, I can login as expected. I can point my connection string credentials to the GODaddy server Database and still using my development system (debug mode off) I can login as expected.  But when I open a browser window (IE11 or Chrome) and navigate to the site I can not login. I get the standard "Your Login attempt was not successful. Please try again". So what gives? Is there some IIS setting that I need to consider that I am not?

    Also I have other pages that load data from the database and that data displays properly and on one page the user gets to interact with displayed data that requires further calls to the DB to display more data. So I know that the connection to the GODaddy DB works. But it does not work when trying to log on.

    So any help would be appreciated.

    Thanks

    Gary

    Wednesday, April 6, 2016 6:43 PM

All replies

  • User-359936451 posted

    You'll nee to call GoDaddy tech support they should be able to easily point you to the right direction. When you connect from a site hosted on their service the connection string is different than the one you would use from your DEV PC.

    It actually an easy fix and they have a ton of help docs on their site I just have a link right here but try and google something like

    GoDaddy SQL database connection with ASP Membership

    Wednesday, April 6, 2016 7:57 PM
  • User614698185 posted

    Hi Gary,

    I think you should make sure the application name is matching between local server and GODaddy.

    You could refer to the following links:

    http://stackoverflow.com/questions/7417376/my-asp-net-4-login-stopped-working-why

    http://www.codeproject.com/Articles/27682/Your-Login-Attempt-was-not-Successful-Please-Try

    Best Regards,

    Candice Zhou

    Thursday, April 7, 2016 7:29 AM
  • User-789916156 posted

    Candice,

    Thanks for the help, while those sites were quite detailed in getting a connection on a GoDaddy server using Membership, they were not able to solve my problem. The bulk of the posts I found relate to issues using MySQL as the DB. I am Using the full blown version of SQL SERVER on the GoDaddy site. There were some interesting points made and I incorporated those into my project in an effort to maintain a standard. The 2 things that I did change were making the Connection String name to be LocalSQLServer and the application name to "/". I had them both being a custom name relevant to the site I created. But in the long run this did not change or alter the symptoms of the problem I am having. The only other aspect that is different is that all posts that referred to data security referred to hashing the password, and other data. My site is not hashing but encrypting

    passwordFormat="Encrypted" 

    The Membership database also is in sync with this option so that is consistent.

    In this process I have more narrowly defined the problem, so here it is. A user account can be created through the site and that user can log on, which is good. However the only way I know of to create a Administrative account is to use the Web Site Administration Tool provided by Visual Studio 2012. So when I create this Account it cannot log onto the site through an independent browser. But I can log onto the GoDaddy DB from my development machine running the site in Debug mode from the IDE. And the user created through the independent browsers cannot logon in Debug mode. So in short the account created by one method cannot log on through the other.

    I suspect that it has something to do with configuration so here is my whole web.config file with private info removed. Any help would be most appreciated.

    <?xml version="1.0" encoding="utf-8"?>
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
      -->
    <configuration>
      <connectionStrings>
        <clear />
            <remove name="LocalSQLServer"/>
        <add name="LocalSQLServer" connectionString="data source=SERVERIPADDRESS;Initial Catalog=MYDB; User Id=MYUSERID;Password=MYDBPW;User Instance=false;Connect Timeout = 30" providerName="System.Data.SqlClient" />
        <!--USE FOR LIVE SYSTEM-->
        <add name="ParPointsEntities" connectionString="metadata=res://*/App_Code.Parpoints.csdl|res://*/App_Code.Parpoints.ssdl|res://*/App_Code.Parpoints.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=SERVERIPADDRESS;initial catalog=MYDB;User Id=MYUSERID;Password=MYDBPW;connect timeout=30;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
      </connectionStrings>
      <system.web>
        <roleManager enabled="true" />
        <compilation debug="true" strict="false" explicit="true" targetFramework="4.0">
          <assemblies>
            <add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
            <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <add assembly="System.Data.Entity.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
            <add assembly="System.Data.Services.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
          </assemblies>
          <buildProviders>
            <add extension=".edmx" type="System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider" />
          </buildProviders>
        </compilation>
        <customErrors mode="Off" />
        <authentication mode="Forms">
          <forms name="MYcookie" loginUrl="~/Login.aspx" protection="All" timeout="30" path="/" />
        </authentication>
        <membership defaultProvider="AspNetSqlMembershipProvider">
          <providers>
            <clear />
            <!--USE FOR LIVE SYSTEM-->
            <add name="AspNetSqlMembershipProvider" requiresQuestionAndAnswer="true" connectionStringName="LocalSQLServer" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" enablePasswordRetrieval="true" enablePasswordReset="true" requiresUniqueEmail="true" passwordFormat="Encrypted" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" type="System.Web.Security.SQLMembershipProvider" applicationName="/" />
          </providers>
        </membership>
        <machineKey validationKey="24152D0A16F73A4B99E5FAB34323F8AC86E183F7F66A029D512613A9B2F5CC770BC869256FB5FBCF4DDD138F488446997EE1F91D991C34F067239F53F7823E60,IsolateApps" decryptionKey="DBE07523995A6E8EECAC02D40B6B5D4045BB49AF32DBB4AA,IsolateApps" validation="SHA1" />
      <pages>
          <controls>
            <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" />
          </controls>
        </pages>
      </system.web>
      <system.net>
        <mailSettings>
    
        </mailSettings>
      </system.net>
    </configuration>


     

    Thursday, April 7, 2016 11:48 PM
  • User-359936451 posted

    So made some headway. Great. But first, I think the default password mode for ASP Membership is hashed. You should keep that. You will need to code a password recovery though so that users can reset it.

    Secondly, have you activated Roles in the ASP Membership? IF so you should be certain that provide your new admin the correct Role access to the production log  on process.

    I found a tool a few years ago that was spectacular for viewing Membership accounts and managing them from like an admin access level of a web site I'll try to find the link and add it below.

    I highly recommend that you download this and incorporate in your site. I believe he allows licensing as long as you leave his name in the comments. Plz read his licensing info.

    http://www.4guysfromrolla.com/articles/052307-1.aspx

    and finally, its not real clear about where you are creating accounts and storing them. It almost sounds like one system is creating the user accounts in ASP Membership and the other is storing them in SQL or its a SQL user account you are creating.

    One thing I would recommend is working on web.config files separately, create one for your server and one for your dev machine, and be certain you never copy them back or forth. They will be significantly different like when/or if you add an SSL Cert.

    Go Daddy has a cheesy editor for working on the remote config file, but its safer then accidentally copying your dev version over the production copy.

    Friday, April 8, 2016 12:48 PM
  • User-789916156 posted

    March11,

    Well I guess I've found an alternative method, though not an answer. Making the password Hashed I'm able to use the VS Web Site Admin Tool to create an Administrative User that will log on from an independent browser as well as from my development machine. However using the Hashed option takes away a feature that encryption allows. That is the password retrieval option. Encryption allows a user to answer the security question and then get the password displayed back to them without waiting for an email so that they can reset it. I know this is lower security but the site holds no private or secure information. By using Hashed a person forgetting their password must wait for the responding email to reset their password and by then they've lost interest and aren't logging in at all and going someplace else.

    I looked at the custom WSAT that you pointed me too and played with it for a while. While the write up explains some very useful features, It would take some rewriting to be useful. First it does not take advantage of the "code behind" practice of separating ASP code form C# code. But the big thing is that it appears to require an administrative account to already be loaded in the DB to be useful, whereas the VS version supersedes this.

    So my initial problem still exists and I'll continue to look for its resolution (if there is one). I guess I will start a new thread asking this question "What are the Best Practices in launching a new web site using Membership, and setting the initial Administrative User account"?

    Thanks 

    Saturday, April 9, 2016 4:13 PM
  • User-359936451 posted

    You have to create a reset password when using hashed passwords. Similar to a forgot password, kind of works better from a security standpoint since it forces the user to create a new one.

    I understand the issue though, if they may flee. Here is a thought, what about granting them a temporary password? Make them authenticate against other info, email, phone, acct number, etc, then force them to change it again once they get past this.

    Regarding encrypted access, I have not heard of anything specific to your issue. But you might want to check the security settings like in your web config and see if there is anything requiring hashed, that needs to be changed to encrypted to allow access. The database also might be expecting hashed and when it sees an encrypted password denies access.

    Just some thoughts.

    FYI, I converted Dan's code to VB and code behind pages in just a few hours. It really wasn't hard. If you are already C# site it should be easier.

    You might consider checking/searching on the database column types, and GoDaddy allowing each as you suggested

    Monday, April 11, 2016 12:53 PM