ASP.NET Membership.ValidateUser() always return "false"

dyk picture dyk · Feb 28, 2014 · Viewed 15.5k times · Source

Here is my web.config:

<membership defaultProvider="CustomizedMembershipProvider">
  <providers>
    <clear />
    <add name="CustomizedMembershipProvider" 
         connectionStringName="MYbdName" 
         applicationName="/" type="System.Web.Security.SqlMembershipProvider" 
         requiresQuestionAndAnswer="false" 
         passwordFormat="Clear" 
         enablePasswordRetrieval="true" 
         requiresUniqueEmail="true" 
         minRequiredPasswordLength="4" 
         minRequiredNonalphanumericCharacters="0" />
  </providers>
</membership>

I even hardcoded the username and password:

 bool b = Membership.ValidateUser("[email protected]", "pass123");

When i perform a select on database i get the correct user.

User isAproved = true

User isLockedout = 0

Answer

chridam picture chridam · Feb 28, 2014

You need to set the applicationName property when configuring ASP.NET 2.0 Membership and other Providers. In your web.config, it's missing:

<membership defaultProvider="CustomizedMembershipProvider">
  <providers>
    <clear />
    <add name="CustomizedMembershipProvider" 
         connectionStringName="MYbdName" 
         applicationName="/"   <----------   Missing applicationName
         type="System.Web.Security.SqlMembershipProvider" 
         requiresQuestionAndAnswer="false" 
         passwordFormat="Clear" 
         enablePasswordRetrieval="true" 
         requiresUniqueEmail="true" 
         minRequiredPasswordLength="4" 
         minRequiredNonalphanumericCharacters="0" /> 
  </providers>
</membership>

You can try to get the value here

public bool Login(string userName, string password)
{
    var provider = Membership.Provider;
    string name = provider.ApplicationName; // Get the application name here

    return Membership.ValidateUser(userName, password);
}

or open up the aspnet_Users and aspnet_Applications tables within the ASPNETDB database and figure out what application name was used when creating the users and other data during development (look in the aspnet_Application table to work this out).

Then correctly set the property in your web.cofig:

<membership defaultProvider="CustomizedMembershipProvider">
      <providers>
        <clear />
        <add name="CustomizedMembershipProvider" 
             connectionStringName="MYbdName" 
             applicationName="MyAppName"   <----------   correct
             type="System.Web.Security.SqlMembershipProvider" 
             requiresQuestionAndAnswer="false" 
             passwordFormat="Clear" 
             enablePasswordRetrieval="true" 
             requiresUniqueEmail="true" 
             minRequiredPasswordLength="4" 
             minRequiredNonalphanumericCharacters="0" /> 
      </providers>
    </membership>

For more details, read this article from Scott-Gu's blog.