Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

“Your Login Attempt was not Successful. Please Try Again.” - ASP.NET Login Control.

0.00/5 (No votes)
5 May 2009 4  
This article will discuss some prevent /cure measures for the error: “Your login attempt was not successful. Please try again.”

Introduction

If you are developing using ASP.NET membership and login controls, you will be seeing the above image. This article will discuss how to prevent and/or cure this.

Background

Generally I have seen that when developers use ASP.NET membership provider and login controls, they come across this error. They will complain:

  • I have a user in the database and am still not able to login.
  • It worked fine on the local machine and when moved to host, it won't let me login.
  • Etc.

So I will be discussing some points which I have assembled from my own experience as well as from others.

Note: I am assuming here that you are using aspnetdb or used aspnet_regsql.exe to create default membership database. I will try to point out explicitly about custom dataschema.

User Specific Details

Check Password

  • Wrong Password: Often people might think they are entering the correct password but they are not. So make sure you are entering the correct password. If you have any doubts about this, create a new test user and write down the password and make sure it is what you are entering when trying to log-in.
  • Trim Password: Secondly, sometimes when you are debugging you can see the password you are entering looks the same in code-behind when you debug the Login1.Password value is correct. But that might not be the case. Suppose you are copy/pasting the password from a file or somewhere, accidentally a space is added while copying it. So Trim the password before feeding it to Membership.Validate method.

Check UserName

  • Same rules as the password above.

Check the following in the membership database tables.

aspnet_Users Table
  • Check that User exists i.e. UserName
aspnet_Membership Table
  • IsApproved is set to True
  • IsLockedOut is set to False

Membership Provider Specific Settings Issues

applicationName Attribute

  • Check if applicationName attribute is set for your membership provider in your web.config.
  • If you haven't configured your web.config, then it means your application was using default membership provider settings in machine.config. And applicationName is already set to ‘/’. So it should not be a problem. Still you can check aspnet_Applications table and see if the application name exists.

Note: Check why should you set this?

passwordFormat Attribute

  • There are three settings 0=Clear, 1=Hashed and 2=Encrypted. Compare your web.config and aspnet_Users table to check if the user was created using the same passwordFormat mentioned in your web.config. There were no changes made in development and production. Because sometimes you might create a user using Clear and then decide to change to Hash.

HashAlgorithmType Attribute

  • If your passwordFormat = Hashed (i.e.=1), see there is no change in the type of algorithm used for hashing on development machine and hosting machine. You can quickly check this using the following snippet:
protected void Page_Load(object sender, EventArgs e)
{
Response.Write (Membership.HashAlgorithmType);
}
  • Now if you see they are the same not a problem, but if not then how to go about it. If HashAlgorithmType is not explicitly set in web.config, the membership provider will use it from <machineKey> element’s validation attribute value. Default value for this is SHA1. So you will have to set this explicitly.
<membership hashAlgorithmType="SHA1">
    <providers>....</providers>
</membership>

Setting Membership Provider in web.config

  • If you are setting custom provider settings in web.config, the bold settings below are to be taken care. Set defaultprovider value. This will be useful when you have more than one provider.
  • The <clear /> will help membership provider not to get confused with any other providers in machine.config or anywhere else.
  • Always set the applicationName attribute.
<membership defaultProvider="AspNetSqlMembershipProvider">
 <providers> 
<clear/> 
<add name="AspNetSqlMembershipProvider" 
type="System.Web.Security.SqlMembershipProvider, 
System.Web, Version=2.0.0.0, Culture=neutral, 
PublicKeyToken=b03f5f7f11d50a3a" 
connectionStringName="LocalSqlServer"
 enablePasswordRetrieval="false" 
enablePasswordReset="true" 
requiresQuestionAndAnswer="true" 
requiresUniqueEmail="false" 
passwordFormat="Hashed" maxInvalidPasswordAttempts="5" 
minRequiredPasswordLength="7" 
minRequiredNonalphanumericCharacters="1" 
passwordAttemptWindow="10" passwordStrengthRegularExpression="" 
applicationName="/ " /> 
</providers> 
</membership> 

Database Related Settings

Connectionstring

  • connectionstringName = LocalSqlServer: If you are having the name of your connectionstring as ‘LocalSqlServerin your web.config, don't forget to add the remove tag as shown below:
<connectionStrings> 
<remove name="LocalSqlServer"/> 
<add name="LocalSqlServer" connectionString="....."/> 
</connectionStrings> 

Note: I would always use a unique name instead of ‘LocalSqlServer” for my connectionstring name. This will automatically clear any confusion. For example:

<connectionStrings>
<clear /> 
<add name="MembershipProvider" connectionString="....."/> 
</connectionStrings> 

And then also configure my membership provider as below:

<membership defaultprovider=”..”> 
<providers> 
<clear/> 
<add name="...” 
... 
... 
connectionStringName="MembershipProvider" 
</providers> 
</membership> 

Other Reasons / Checklist / Troubleshooting

Are you using Authenticate event of Login Control

If you are calling Membership.ValidateUser method or any other mechanism to authenticate, don't forget to set e.Authenticate like this as shown below:

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { 
if (Membership.ValidateUser(Login1.UserName, Login1.Password)) { 
e.Authenticated = true; } 
else{e.Authenticated = false; }} 

OR

Do you have any empty structure for Login Authenticate event

//Remove any such empty structure for Login Authenticate event
protected void myLogin1_Authenticate(object sender, AuthenticateEventArgs e) 
{ 
} 

Ending Notes

This is all from my experiments and articles and other forums about this error. If there are any errors or any good stuff missing, please point it out so others can find the solution in one place. Many thanks to developers whose experiences helped me write this article, especially the community on www.asp.net forums.

Resources

Check out these forums threads and other links which might help you to understand more.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here