Can't retrieve passwords
New Post
10/20/2008 7:29 AM
 
Hi

I'm pretty new to this so apologies if I breach etiquette or if I've posted in the wrong forum. I've just installed DNN 4.9.0 last week and after a few bumps and schoolboy errors I managed to get it all up and running, however the 'remember me' on the login didn't seem to be working. I did some digging and found a suggestion to change the timeout value in the authentication/forms element of the web.config as well as adding slidingExpiration="true" so that the time would reset whenever users logged in.

I made these changes and uploaded the web.config however when I went back to the site I found I couldn't login, I was getting "Login Failed" errors with all my logins (I use three different ones, one with host permissions, one with site admin and a general user so I don't accidentally break anything when I just want to post on my site forums).

The obvious thought was that I'd inadvertently changed something else in the web.config so I copied the back-up I'd taken before making the changes back up to the server, but that didn't help. I then tried to register as a new user, that worked fine. Logged out and then back in as the new user, still no problem. Tried again with the original users, nope still not working.

I then tried using the 'retrieve password' but that came back with a "could not retrieve password" error. I then connected to the database directly through MS-SQL dev studio and changed my new user to a super user in the "Users" table, then tried going through the admin interface to change the password on my original users but got the same "unable to retrieve password" error.

I've had a look in the event viewer and I suspect this is the main cause of the problems:-

FileColumnNumber: 0
Method: System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException
StackTrace:
Message: DotNetNuke.Services.Exceptions.PageLoadException: Bad Data. ---> System.Security.Cryptography.CryptographicException: Bad Data. at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr) at System.Security.Cryptography.Utils._DecryptData(SafeKeyHandle hKey, Byte[] data, Int32 ib, Int32 cb, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode PaddingMode, Boolean fDone) at System.Security.Cryptography.CryptoAPITransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo) at System.Web.Security.MembershipProvider.DecryptPassword(Byte[] encodedPassword) at System.Web.Security.MembershipProvider.UnEncodePassword(String pass, Int32 passwordformat) at System.Web.Security.SqlMembershipProvider.GetPassword(String username, String passwordAnswer) at System.Web.Security.MembershipUser.GetPassword() at DotNetNuke.Security.Membership.AspNetMembershipProvider.ChangePassword(UserInfo user, String oldPassword, String newPassword) at DotNetNuke.Entities.Users.UserController.ChangePassword(UserInfo user, String oldPassword, String newPassword) at DotNetNuke.Modules.Admin.Users.Password.cmdUpdate_Click(Object sender, EventArgs e) at DotNetNuke.UI.WebControls.CommandButton.RaiseClick(Object sender, EventArgs e) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean 
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) --- End of inner exception stack trace ---
Source:

Can anyone point me in the right direction? If the worst comes to the worst I've only got a dozen or so registered users so I could delete them and ask them to re-register but given that I don't know what caused the problem in the first place I'm reluctant to do that.

All suggestions will be gratefully received!

--
Mike
 
New Post
10/20/2008 8:13 AM
 

The reason you're getting the error is that you've changed the details of the forms authentication cookie, so when ASP.NET tries to decrypt the existing cookie it fails. If you delete your existing cookies it'll fix the situation. As for the failing in remember me, it's an ASP.NET issue, not a DotNetNuke problem. I blogged about a solution @ http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1784/Default.aspx .

Cathal


 
New Post
10/20/2008 11:14 AM
 

Hi Cathal

Thanks for the pointer to the blog post, looks like I updated the wrong key :(  Unfortunately clearing the cookies hasn't helped, I've deleted all cookies and still get a failure on the login.

 
New Post
10/20/2008 11:51 AM
 

Sounds to me like the decryptionKey in the web.config has been modified.  Doing so would render the passwords of the existing users un-decryptable for existing users.  Users created after the key was changed would remain unaffected.  This is a perilously inconsistent environment.

I recommend restoring your original decryptionKey (or, possibly the validationKey -- although the problem appears to be the former) and deleting the users created after such a change.  If you do not know your original decryptionKey (a likely possibility), I recommend promoting one of your valid users to host status and then deleting ALL of the invalid user accounts. 

An alternative would be to restart your installation with a fresh database.

Hope this helps!

Brandon


Brandon Haynes
BrandonHaynes.org
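
The check suggested in the post above (has the decryptionKey changed since the backup?) can be done mechanically by diffing the backup web.config against the edited one. This is an added example, not part of the thread or of DNN's code; the function names and both sample configs are constructed, and the key values are placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET

# Attributes whose change affects decryption of stored passwords or auth cookies.
WATCHED = {
    "machineKey": ("validationKey", "decryptionKey", "validation", "decryption"),
    "forms": ("timeout", "slidingExpiration", "protection"),
}

def _value(attr, raw):
    # Never echo key material into a report; compare short fingerprints instead.
    if raw is not None and attr.endswith("Key"):
        return "sha256:" + hashlib.sha256(raw.encode()).hexdigest()[:12]
    return raw

def auth_settings(config_xml):
    """Collect machineKey, forms and membership passwordFormat settings."""
    root = ET.fromstring(config_xml)
    out = {}
    for tag, attrs in WATCHED.items():
        node = next(root.iter(tag), None)
        for attr in attrs:
            out[f"{tag}/@{attr}"] = None if node is None else _value(attr, node.get(attr))
    for membership in root.iter("membership"):
        for provider in membership.iter("add"):
            out[f"membership/{provider.get('name')}/@passwordFormat"] = provider.get("passwordFormat")
    return out

def drift(before_xml, after_xml):
    """Return {setting: (before, after)} for every watched setting that differs."""
    before, after = auth_settings(before_xml), auth_settings(after_xml)
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after)) if before.get(k) != after.get(k)}

def strands_encrypted_passwords(before_xml, after_xml):
    """True if the decryption key or algorithm changed while a provider stores Encrypted passwords."""
    changed = drift(before_xml, after_xml)
    encrypted = any(k.endswith("@passwordFormat") and v == "Encrypted"
                    for k, v in auth_settings(before_xml).items())
    return encrypted and any(k in changed for k in ("machineKey/@decryptionKey", "machineKey/@decryption"))

# Constructed sample configs (key values are placeholders, not real keys).
TEMPLATE = """<configuration><system.web>
  <machineKey validationKey="{vk}" decryptionKey="{dk}" decryption="3DES" validation="SHA1"/>
  <authentication mode="Forms"><forms name=".DOTNETNUKE" protection="All" {forms}/></authentication>
  <membership><providers>
    <add name="AspNetSqlMembershipProvider" passwordFormat="Encrypted"/>
  </providers></membership>
</system.web></configuration>"""
BACKUP = TEMPLATE.format(vk="A1" * 20, dk="B2" * 24, forms='timeout="60"')
EDITED = TEMPLATE.format(vk="A1" * 20, dk="C3" * 24, forms='timeout="43200" slidingExpiration="true"')
```

Calling `drift(BACKUP, EDITED)` lists the changed settings with key values shown only as fingerprints, and an empty result for the machineKey entries rules out a key change as the cause.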
 
New Post
10/20/2008 12:06 PM
 

Hi Brandon

To be honest I'm not really sure what happened.  The decryption and validation keys hadn't changed (that was one of the first things I checked).  I've managed to sort it out though, I used the "reset password" link to reset everyone's password (thank $deity there were only a dozen or so users!!) and that seems to have worked.

Big Thanks to both you and Cathal for your help though :-)

Cheers

 