I have to reuse old database wich was created using old membership provider, the one which creates the tables with the names like "dbo.aspnet_Users". I can create users with
MembershipUser createdUser =
Membership.CreateUser("UserName", "Password", "[email protected]",
"Password Question", "Password Answer", true, out status);
But when I try to validate the user
Membership.ValidateUser("UserName", "Password")
I always get false as a result.
Using the Reflector I found that I call this method from System.Web.Security.Membership class:
public static bool ValidateUser(string username, string password)
{
return Provider.ValidateUser(username, password);
}
And in the debugger I see the both username and password have their respective values, after i step into Provider.ValidateUser(username, password); I get to the System.Web.Security.SqlMembershipProvider.ValidateUser:
public override bool ValidateUser(string username, string password)
{
if ((SecUtility.ValidateParameter(ref username, true, true, true, 0x100) && SecUtility.ValidateParameter(ref password, true, true, false, 0x80)) && this.CheckPassword(username, password, true, true))
{
PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_SUCCESS);
WebBaseEvent.RaiseSystemEvent(null, 0xfa2, username);
return true;
}
PerfCounters.IncrementCounter(AppPerfCounter.MEMBER_FAIL);
WebBaseEvent.RaiseSystemEvent(null, 0xfa6, username);
return false;
}
But the ValidateUser's method parameter password is now null while username is not null. Am I doing something wrong?
upd: added the video with screen captured showing the error http://youtu.be/N9rcNonGZTI
upd 2: I decided to try the reflection to call
private bool CheckPassword(string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
method from System.Web.Security.SqlMembershipProvider class
var provider = (SqlMembershipProvider) Membership.Provider;
var provider = (SqlMembershipProvider) Membership.Provider;
MethodInfo mInfoMethod = typeof(SqlMembershipProvider).GetMethod(
"CheckPassword",
BindingFlags.Instance | BindingFlags.NonPublic,
Type.DefaultBinder,
new[] { typeof(string), typeof(string), typeof(bool), typeof(bool), typeof(string).MakeByRefType(), typeof(int).MakeByRefType() }, null);
string str1 = null;
int num1 = 0;
var args = new object[] {"UserName", "Password", true, true, str1, num1};
var res = mInfoMethod.Invoke(provider, args);
the method I'm calling System.Web.Security.SqlMembershipProvider.CheckPassword looks like this :
private bool CheckPassword(string username, string password, bool updateLastLoginActivityDate, bool failIfNotApproved, out string salt, out int passwordFormat)
{
SqlConnectionHolder connection = null;
string str;
int num;
int num2;
int num3;
bool flag2;
DateTime time;
DateTime time2;
this.GetPasswordWithFormat(username, updateLastLoginActivityDate, out num, out str, out passwordFormat, out salt, out num2, out num3, out flag2, out time, out time2);
if (num != 0)
{
return false;
}
if (!flag2 && failIfNotApproved)
{
return false;
}
string str2 = this.EncodePassword(password, passwordFormat, salt);
bool objValue = str.Equals(str2);
if ((objValue && (num2 == 0)) && (num3 == 0))
{
return true;
}
try
{
try
{
connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
this.CheckSchemaVersion(connection.Connection);
SqlCommand command = new SqlCommand("dbo.aspnet_Membership_UpdateUserInfo", connection.Connection);
DateTime utcNow = DateTime.UtcNow;
command.CommandTimeout = this.CommandTimeout;
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
command.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, username));
command.Parameters.Add(this.CreateInputParam("@IsPasswordCorrect", SqlDbType.Bit, objValue));
command.Parameters.Add(this.CreateInputParam("@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate));
command.Parameters.Add(this.CreateInputParam("@MaxInvalidPasswordAttempts", SqlDbType.Int, this.MaxInvalidPasswordAttempts));
command.Parameters.Add(this.CreateInputParam("@PasswordAttemptWindow", SqlDbType.Int, this.PasswordAttemptWindow));
command.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, utcNow));
command.Parameters.Add(this.CreateInputParam("@LastLoginDate", SqlDbType.DateTime, objValue ? utcNow : time));
command.Parameters.Add(this.CreateInputParam("@LastActivityDate", SqlDbType.DateTime, objValue ? utcNow : time2));
SqlParameter parameter = new SqlParameter("@ReturnValue", SqlDbType.Int)
{
Direction = ParameterDirection.ReturnValue
};
command.Parameters.Add(parameter);
command.ExecuteNonQuery();
num = (parameter.Value != null) ? ((int)parameter.Value) : -1;
}
finally
{
if (connection != null)
{
connection.Close();
connection = null;
}
}
}
catch
{
throw;
}
return objValue;
}
And what is strange is that all method's input parameters are set, except password, it's null again.