problem with custom membership provider

Discussion in 'ASP .Net' started by Ben, Apr 16, 2007.

  1. Ben

    Ben Guest

    Hi,

    i have already posted a more or less similar thread but it's gone unsolved
    with the flow of the other threads ..

    When an anonymous user has created an new account (with the CreateUserWizard
    control), i want to let asp.net generate a password and to send it
    (AutoGeneratePassword="true") to the address of the email provided by the
    new membershipuser in the CreateUserWizard control.

    So i defined a custom provider for membership with this code:

    web.config:
    -----------
    <connectionStrings>
    <add name="aspnetdb" connectionString="Data
    Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
    Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    </connectionStrings>

    <authentication mode="Forms" />

    <membership defaultProvider="MyMembershipProvider">
    <providers>
    <add name="MyMembershipProvider"
    type="System.Web.Security.SqlMembershipProvider, System.Web,
    Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    connectionStringName="aspnetdb"
    enablePasswordRetrieval="true"
    enablePasswordReset="true"
    passwordFormat="Encrypted"
    requiresQuestionAndAnswer="true"
    applicationName="/"
    />
    </providers>
    </membership>

    code-behind:
    ------------
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As
    System.EventArgs) Handles Me.Load
    If User.Identity.IsAuthenticated Then
    Dim pw As String
    pw = Membership.GetUser.GetPassword.ToString
    End If
    End Sub

    But this generate the error:
    "You must specify a non-autogenerated machine key to store passwords in the
    encrypted format. Either specify a different passwordFormat, or change the
    machineKey configuration to use a non-autogenerated decryption key."

    at line "pw = Membership.GetUser.GetPassword.ToString"

    Changing in "hashed" is not an option because it's not retrievable and
    "clear" is not safe.
    So if anyone could explain me how to solve this, it would make my day.
    Thanks
    Ben
     
    Ben, Apr 16, 2007
    #1
    1. Advertising

  2. Ben,
    The exception message is telling you what to do: the machinekey element in
    your web.config needs to specify key and not use the autogenerated option.

    Here is an article that explains:

    http://www.eggheadcafe.com/articles/20030514.asp

    Peter

    --
    Site: http://www.eggheadcafe.com
    UnBlog: http://petesbloggerama.blogspot.com
    Short urls & more: http://ittyurl.net




    "Ben" wrote:

    > Hi,
    >
    > i have already posted a more or less similar thread but it's gone unsolved
    > with the flow of the other threads ..
    >
    > When an anonymous user has created an new account (with the CreateUserWizard
    > control), i want to let asp.net generate a password and to send it
    > (AutoGeneratePassword="true") to the address of the email provided by the
    > new membershipuser in the CreateUserWizard control.
    >
    > So i defined a custom provider for membership with this code:
    >
    > web.config:
    > -----------
    > <connectionStrings>
    > <add name="aspnetdb" connectionString="Data
    > Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
    > Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    > </connectionStrings>
    >
    > <authentication mode="Forms" />
    >
    > <membership defaultProvider="MyMembershipProvider">
    > <providers>
    > <add name="MyMembershipProvider"
    > type="System.Web.Security.SqlMembershipProvider, System.Web,
    > Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    > connectionStringName="aspnetdb"
    > enablePasswordRetrieval="true"
    > enablePasswordReset="true"
    > passwordFormat="Encrypted"
    > requiresQuestionAndAnswer="true"
    > applicationName="/"
    > />
    > </providers>
    > </membership>
    >
    > code-behind:
    > ------------
    > Protected Sub Page_Load(ByVal sender As Object, ByVal e As
    > System.EventArgs) Handles Me.Load
    > If User.Identity.IsAuthenticated Then
    > Dim pw As String
    > pw = Membership.GetUser.GetPassword.ToString
    > End If
    > End Sub
    >
    > But this generate the error:
    > "You must specify a non-autogenerated machine key to store passwords in the
    > encrypted format. Either specify a different passwordFormat, or change the
    > machineKey configuration to use a non-autogenerated decryption key."
    >
    > at line "pw = Membership.GetUser.GetPassword.ToString"
    >
    > Changing in "hashed" is not an option because it's not retrievable and
    > "clear" is not safe.
    > So if anyone could explain me how to solve this, it would make my day.
    > Thanks
    > Ben
    >
    >
    >
     
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=, Apr 16, 2007
    #2
    1. Advertising

  3. Ben

    Ben Guest

    Peter,

    thanks for replying, but i'm not sure how to fix my problem.
    i must use a non-autogenerated decryption key, so this is my attempt:,
    without understanding what i'm doing ...I found the hex code on the
    microsoft site.
    I don't know either which validation to choose (SHA1 or MD5 or ...).

    This gives the error: "Validation key specified has invalid hex characters"
    If you could give me some hints
    Further, i couldn't read anywhere that one must use a non-autogenerated
    decryption key in this case. Why is it so?

    Thanks

    <machineKey
    validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A11
    9482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
    decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
    validation="SHA1"
    decryption="Auto"
    />


    "Peter Bromberg [C# MVP]" <> schreef in
    bericht news:...
    > Ben,
    > The exception message is telling you what to do: the machinekey element in
    > your web.config needs to specify key and not use the autogenerated option.
    >
    > Here is an article that explains:
    >
    > http://www.eggheadcafe.com/articles/20030514.asp
    >
    > Peter
    >
    > --
    > Site: http://www.eggheadcafe.com
    > UnBlog: http://petesbloggerama.blogspot.com
    > Short urls & more: http://ittyurl.net
    >
    >
    >
    >
    > "Ben" wrote:
    >
    >> Hi,
    >>
    >> i have already posted a more or less similar thread but it's gone
    >> unsolved
    >> with the flow of the other threads ..
    >>
    >> When an anonymous user has created an new account (with the
    >> CreateUserWizard
    >> control), i want to let asp.net generate a password and to send it
    >> (AutoGeneratePassword="true") to the address of the email provided by the
    >> new membershipuser in the CreateUserWizard control.
    >>
    >> So i defined a custom provider for membership with this code:
    >>
    >> web.config:
    >> -----------
    >> <connectionStrings>
    >> <add name="aspnetdb" connectionString="Data
    >> Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
    >> Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    >> </connectionStrings>
    >>
    >> <authentication mode="Forms" />
    >>
    >> <membership defaultProvider="MyMembershipProvider">
    >> <providers>
    >> <add name="MyMembershipProvider"
    >> type="System.Web.Security.SqlMembershipProvider, System.Web,
    >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    >> connectionStringName="aspnetdb"
    >> enablePasswordRetrieval="true"
    >> enablePasswordReset="true"
    >> passwordFormat="Encrypted"
    >> requiresQuestionAndAnswer="true"
    >> applicationName="/"
    >> />
    >> </providers>
    >> </membership>
    >>
    >> code-behind:
    >> ------------
    >> Protected Sub Page_Load(ByVal sender As Object, ByVal e As
    >> System.EventArgs) Handles Me.Load
    >> If User.Identity.IsAuthenticated Then
    >> Dim pw As String
    >> pw = Membership.GetUser.GetPassword.ToString
    >> End If
    >> End Sub
    >>
    >> But this generate the error:
    >> "You must specify a non-autogenerated machine key to store passwords in
    >> the
    >> encrypted format. Either specify a different passwordFormat, or change
    >> the
    >> machineKey configuration to use a non-autogenerated decryption key."
    >>
    >> at line "pw = Membership.GetUser.GetPassword.ToString"
    >>
    >> Changing in "hashed" is not an option because it's not retrievable and
    >> "clear" is not safe.
    >> So if anyone could explain me how to solve this, it would make my day.
    >> Thanks
    >> Ben
    >>
    >>
    >>
     
    Ben, Apr 17, 2007
    #3
  4. Generally what I do is let the user choose their own password. (After all,
    how many passwords do you want to have to remember?). Then, the email has a
    link which takes them to a page that makes their account active.
    Peter

    --
    Site: http://www.eggheadcafe.com
    UnBlog: http://petesbloggerama.blogspot.com
    Short urls & more: http://ittyurl.net




    "Ben" wrote:

    > Peter,
    >
    > thanks for replying, but i'm not sure how to fix my problem.
    > i must use a non-autogenerated decryption key, so this is my attempt:,
    > without understanding what i'm doing ...I found the hex code on the
    > microsoft site.
    > I don't know either which validation to choose (SHA1 or MD5 or ...).
    >
    > This gives the error: "Validation key specified has invalid hex characters"
    > If you could give me some hints
    > Further, i couldn't read anywhere that one must use a non-autogenerated
    > decryption key in this case. Why is it so?
    >
    > Thanks
    >
    > <machineKey
    > validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A11
    > 9482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
    > decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
    > validation="SHA1"
    > decryption="Auto"
    > />
    >
    >
    > "Peter Bromberg [C# MVP]" <> schreef in
    > bericht news:...
    > > Ben,
    > > The exception message is telling you what to do: the machinekey element in
    > > your web.config needs to specify key and not use the autogenerated option.
    > >
    > > Here is an article that explains:
    > >
    > > http://www.eggheadcafe.com/articles/20030514.asp
    > >
    > > Peter
    > >
    > > --
    > > Site: http://www.eggheadcafe.com
    > > UnBlog: http://petesbloggerama.blogspot.com
    > > Short urls & more: http://ittyurl.net
    > >
    > >
    > >
    > >
    > > "Ben" wrote:
    > >
    > >> Hi,
    > >>
    > >> i have already posted a more or less similar thread but it's gone
    > >> unsolved
    > >> with the flow of the other threads ..
    > >>
    > >> When an anonymous user has created an new account (with the
    > >> CreateUserWizard
    > >> control), i want to let asp.net generate a password and to send it
    > >> (AutoGeneratePassword="true") to the address of the email provided by the
    > >> new membershipuser in the CreateUserWizard control.
    > >>
    > >> So i defined a custom provider for membership with this code:
    > >>
    > >> web.config:
    > >> -----------
    > >> <connectionStrings>
    > >> <add name="aspnetdb" connectionString="Data
    > >> Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
    > >> Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
    > >> </connectionStrings>
    > >>
    > >> <authentication mode="Forms" />
    > >>
    > >> <membership defaultProvider="MyMembershipProvider">
    > >> <providers>
    > >> <add name="MyMembershipProvider"
    > >> type="System.Web.Security.SqlMembershipProvider, System.Web,
    > >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    > >> connectionStringName="aspnetdb"
    > >> enablePasswordRetrieval="true"
    > >> enablePasswordReset="true"
    > >> passwordFormat="Encrypted"
    > >> requiresQuestionAndAnswer="true"
    > >> applicationName="/"
    > >> />
    > >> </providers>
    > >> </membership>
    > >>
    > >> code-behind:
    > >> ------------
    > >> Protected Sub Page_Load(ByVal sender As Object, ByVal e As
    > >> System.EventArgs) Handles Me.Load
    > >> If User.Identity.IsAuthenticated Then
    > >> Dim pw As String
    > >> pw = Membership.GetUser.GetPassword.ToString
    > >> End If
    > >> End Sub
    > >>
    > >> But this generate the error:
    > >> "You must specify a non-autogenerated machine key to store passwords in
    > >> the
    > >> encrypted format. Either specify a different passwordFormat, or change
    > >> the
    > >> machineKey configuration to use a non-autogenerated decryption key."
    > >>
    > >> at line "pw = Membership.GetUser.GetPassword.ToString"
    > >>
    > >> Changing in "hashed" is not an option because it's not retrievable and
    > >> "clear" is not safe.
    > >> So if anyone could explain me how to solve this, it would make my day.
    > >> Thanks
    > >> Ben
    > >>
    > >>
    > >>

    >
    >
    >
     
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=, Apr 17, 2007
    #4
  5. Ben

    Ben Guest

    This is a possibility, of course, but not an answer to my problem.
    Ben

    "Peter Bromberg [C# MVP]" <> schreef in
    bericht news:D...
    > Generally what I do is let the user choose their own password. (After all,
    > how many passwords do you want to have to remember?). Then, the email has
    > a
    > link which takes them to a page that makes their account active.
    > Peter
    >
    > --
    > Site: http://www.eggheadcafe.com
    > UnBlog: http://petesbloggerama.blogspot.com
    > Short urls & more: http://ittyurl.net
    >
    >
    >
    >
    > "Ben" wrote:
    >
    >> Peter,
    >>
    >> thanks for replying, but i'm not sure how to fix my problem.
    >> i must use a non-autogenerated decryption key, so this is my attempt:,
    >> without understanding what i'm doing ...I found the hex code on the
    >> microsoft site.
    >> I don't know either which validation to choose (SHA1 or MD5 or ...).
    >>
    >> This gives the error: "Validation key specified has invalid hex
    >> characters"
    >> If you could give me some hints
    >> Further, i couldn't read anywhere that one must use a non-autogenerated
    >> decryption key in this case. Why is it so?
    >>
    >> Thanks
    >>
    >> <machineKey
    >> validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A11
    >> 9482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B"
    >> decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
    >> validation="SHA1"
    >> decryption="Auto"
    >> />
    >>
    >>
    >> "Peter Bromberg [C# MVP]" <> schreef in
    >> bericht news:...
    >> > Ben,
    >> > The exception message is telling you what to do: the machinekey element
    >> > in
    >> > your web.config needs to specify key and not use the autogenerated
    >> > option.
    >> >
    >> > Here is an article that explains:
    >> >
    >> > http://www.eggheadcafe.com/articles/20030514.asp
    >> >
    >> > Peter
    >> >
    >> > --
    >> > Site: http://www.eggheadcafe.com
    >> > UnBlog: http://petesbloggerama.blogspot.com
    >> > Short urls & more: http://ittyurl.net
    >> >
    >> >
    >> >
    >> >
    >> > "Ben" wrote:
    >> >
    >> >> Hi,
    >> >>
    >> >> i have already posted a more or less similar thread but it's gone
    >> >> unsolved
    >> >> with the flow of the other threads ..
    >> >>
    >> >> When an anonymous user has created an new account (with the
    >> >> CreateUserWizard
    >> >> control), i want to let asp.net generate a password and to send it
    >> >> (AutoGeneratePassword="true") to the address of the email provided by
    >> >> the
    >> >> new membershipuser in the CreateUserWizard control.
    >> >>
    >> >> So i defined a custom provider for membership with this code:
    >> >>
    >> >> web.config:
    >> >> -----------
    >> >> <connectionStrings>
    >> >> <add name="aspnetdb" connectionString="Data
    >> >> Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated
    >> >> Security=True;User Instance=True"
    >> >> providerName="System.Data.SqlClient"/>
    >> >> </connectionStrings>
    >> >>
    >> >> <authentication mode="Forms" />
    >> >>
    >> >> <membership defaultProvider="MyMembershipProvider">
    >> >> <providers>
    >> >> <add name="MyMembershipProvider"
    >> >> type="System.Web.Security.SqlMembershipProvider, System.Web,
    >> >> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
    >> >> connectionStringName="aspnetdb"
    >> >> enablePasswordRetrieval="true"
    >> >> enablePasswordReset="true"
    >> >> passwordFormat="Encrypted"
    >> >> requiresQuestionAndAnswer="true"
    >> >> applicationName="/"
    >> >> />
    >> >> </providers>
    >> >> </membership>
    >> >>
    >> >> code-behind:
    >> >> ------------
    >> >> Protected Sub Page_Load(ByVal sender As Object, ByVal e As
    >> >> System.EventArgs) Handles Me.Load
    >> >> If User.Identity.IsAuthenticated Then
    >> >> Dim pw As String
    >> >> pw = Membership.GetUser.GetPassword.ToString
    >> >> End If
    >> >> End Sub
    >> >>
    >> >> But this generate the error:
    >> >> "You must specify a non-autogenerated machine key to store passwords
    >> >> in
    >> >> the
    >> >> encrypted format. Either specify a different passwordFormat, or change
    >> >> the
    >> >> machineKey configuration to use a non-autogenerated decryption key."
    >> >>
    >> >> at line "pw = Membership.GetUser.GetPassword.ToString"
    >> >>
    >> >> Changing in "hashed" is not an option because it's not retrievable and
    >> >> "clear" is not safe.
    >> >> So if anyone could explain me how to solve this, it would make my day.
    >> >> Thanks
    >> >> Ben
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Ben, Apr 17, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John
    Replies:
    3
    Views:
    4,380
    stribbed
    Jun 21, 2007
  2. sloan
    Replies:
    5
    Views:
    1,512
    sloan
    Jun 4, 2006
  3. Replies:
    0
    Views:
    744
  4. sloan
    Replies:
    1
    Views:
    514
    Chad Scharf
    Jul 3, 2007
  5. Brett Ossman

    Custom Membership Provider - Custom Error Messages

    Brett Ossman, Mar 11, 2009, in forum: ASP .Net Security
    Replies:
    0
    Views:
    790
    Brett Ossman
    Mar 11, 2009
Loading...

Share This Page