I am able to login to dnn website with incorrect password. When i click on login button after typing incorrect password, it gives me the proper validation message. However, I am logged in because if I refresh or browse the site pages, I get access and I can see my screen name.

I am using dnn version 7.1.2

On login button click, I am using the below C# code:

var user = UserController.UserLogin(
            portalId, userName, password, string.Empty,
            portalName, ipAddress, ref loginStatus, checked);

Values for each :

portId = 0
ipAddress = ::1
var loginStatus = UserLoginStatus.LOGIN_FAILURE;
var checked = false;

Below is the configuation for the membership.

<add name="AspNetSqlMembershipProvider" 
          type="System.Web.Security.SqlMembershipProvider" 
          connectionStringName="SiteSqlServer" 
          enablePasswordRetrieval="false" 
          enablePasswordReset="true" 
          requiresQuestionAndAnswer="false" 
          minRequiredPasswordLength="7" 
          minRequiredNonalphanumericCharacters="0" 
          requiresUniqueEmail="false" 
          passwordFormat="Hashed" 
          applicationName="DotNetNuke" 
          description="Stores and retrieves membership data from the local Microsoft SQL Server database"/>

Any help here. Any suggestions or help would be appreciated a lot.

Thanks, Sam