Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 5th, 2005, 08:55 PM
Authorized User
 
Join Date: May 2005
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default login.aspx problems

When I login on my local machine there is no problem, but when I upload the code and try to login at modules/users/login.aspx, it fails every time. I'm not very familiar with encryption, do I need to provide encryption keys somewhere? Or could this be a security issue with my web host? Or something else?


Any help would be really appreciated.

Cheers,

Mike

 
Old September 6th, 2005, 07:01 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It has nothing to do with encryption unless you added that yourself.

How is it connecting to your database?

Are you getting any errors? Did you check the Windows Event Log of the web server running the application?

Are you using the VB.NET version or the C# version? The VB.NET version logs to a file in the main folder.
 
Old September 6th, 2005, 08:37 AM
Authorized User
 
Join Date: May 2005
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It does have something to do with encryption. Here is the Submit_Click event which when the code is uploaded always sets newUser to null, so I get 'Login failed'. PhilePrincipal.ValidateLogin is called to set the value of newUser and this involves encryption (see code below). That is the only reason I can think of why it is not working. Any ideas?

private void Submit_Click(object sender, System.EventArgs e)
        {
            PhilePrincipal newUser = PhilePrincipal.ValidateLogin( EmailAddress.Text, Password.Text );
            if (newUser == null)
            {
                LoginResult.Text = "Login failed for " + EmailAddress.Text;
                LoginResult.Visible = true;
            }
            else
            {
                Context.User = newUser;
                FormsAuthentication.SetAuthCookie( EmailAddress.Text, true );
                Response.Redirect("/ThePhile/default.aspx");
            }

public static PhilePrincipal ValidateLogin(string emailAddress, string password)
        {
            Configuration.ModuleSettings moduleSettings = Configuration.ModuleConfig.GetSettings();
            int newID;

            byte[] cryptPassword = EncryptPassword( password );

            Data.User dataUser = new Data.User( moduleSettings.ConnectionString );
            if ( (newID = dataUser.ValidateLogin(emailAddress, cryptPassword)) > -1 )
                return new PhilePrincipal( newID );
            else
                return null;
        }

        public static byte[] EncryptPassword(string password)
        {
            UnicodeEncoding encoding = new UnicodeEncoding();
            byte[] hashBytes = encoding.GetBytes( password );

            // compute SHA-1 hash.
            SHA1 sha1 = new SHA1CryptoServiceProvider();
            byte[] cryptPassword = sha1.ComputeHash ( hashBytes );

            return cryptPassword;
        }
        }


Thanks,

Mike

 
Old September 6th, 2005, 10:34 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This code is just a one-way hash of the password. We store only hashed values in the database. When a user gives his password we do a new hash on what he gives us and then we compare that against the hashed password value we have in the database. These 2 hashed values (which are just an array of hex bytes) have to match in order to determine that he entered the password correctly.

I'm guessing you deployed database does not have the correct hex password values stored in the Accounts_Users table.

Can you register as a new user on your deployed database?
 
Old September 7th, 2005, 01:57 AM
Authorized User
 
Join Date: May 2005
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I don't have a problem registering as a new user in the database. The record is written to the database seemingly OK, but when it comes to logging in against that record, something goes wrong.






Similar Threads
Thread Thread Starter Forum Replies Last Post
Customize Login.aspx in WSS 3.0 saurabh_singh0 SharePoint Development 0 February 25th, 2008 10:30 AM
Login.aspx jamil umar ASP.NET 1.0 and 1.1 Basics 1 February 11th, 2006 01:03 PM
Login.aspx works in netscape, but not IE cohansh1 BOOK: ASP.NET Website Programming Problem-Design-Solution 3 February 23rd, 2005 09:05 AM
New.aspx works but login.aspx fails Validation nigelhamilton BOOK: ASP.NET Website Programming Problem-Design-Solution 8 September 13th, 2004 02:29 AM
New.aspx works but not Login.aspx ? reidcor BOOK: ASP.NET Website Programming Problem-Design-Solution 2 May 24th, 2004 10:32 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.