2
votes

I've an ASP.Net 3.5 (C#) web application which uses Sql Server 2008 for its database. In that db is a standard users table with columns username/password and I have a simple login form to authenticate users. The login page simply queries the table for a matching username/password combination for the values inputted. If a user enters a valid username/password it works fine and proceeds; however, if an invalid combination is entered, for some reason it throws an error rather than simply finding no matches. The error is:

System.Web Message: Exception of type 'System.Web.HttpUnhandledException' was thrown. Stack trace: at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.login_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\55c40ade\918a8ce7\App_Web_xyhtxem7.17.cs:line 0 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Complete Error Text: System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Data.SqlClient.SqlException: Failed to generate a user instance of SQL Server due to a failure in starting the process for the user instance. The connection will be closed. 
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at 
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) at System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) at System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) at System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) at System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) at System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) at System.Web.UI.WebControls.Login.AttemptLogin() at System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) --- End of inner exception stack trace --- at System.Web.UI.Page.HandleError(Exception e) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.login_aspx.ProcessRequest(HttpContext 
context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\55c40ade\918a8ce7\App_Web_xyhtxem7.17.cs:line 0 at System.Web.HttpApplication

Any ideas what's happening?

4
I found this answer, read it: forums.asp.net/t/1377174.aspx - mortb
From the stack trace it looks like the membership provider is trying to connect to the sql server using the credentials the user entered (otherwise it probably wouldn't fail only if wrong credentials are entered). If they are wrong, it won't be able to connect to the server at all. SqlClient throws an exception that you would have to handle. But usually the connection string contains database credentials. - Dirk Trilsbeek

4 Answers

0
votes

If you don't match the sql result is probably NULL. So you don't get any valid result for the method. If you do something like this

SELECT * FROM xxx WHERE username = {0} and password = {1}

try

SELECT COUNT(*) FROM xxx WHERE username = {0} and password = {1}

then you get an int value 0 or >0 back to validate. But show us the code so we can help more specifically.

0
votes

This is a guess as you've not given enough info to be certain.

It sounds like you've written your own provider or are trying to circumvent it somehow.

If you fail to log in, it looks like the code is automatically falling back to the default provider that you've still got a connection string for in the web.config. Probably the default connection string that Visual Studio 'helpfully' adds. Which is an mdf, and this is the error it throws when the mdf doesn't exist.

That database obviously doesn't exist and it's failing with that error.

So you probably need to get rid of the provider in your web.config or fix your own provider or fix the way you're validating the user.

0
votes

The membership provider you are using is trying to connect to the SQL server - I guess that most probably you are trying to use a local SQL Express instance by providing the database file name.
In such a case, the provider tries to create the database if it does not exist, and the account (under which your code is running) may need to have read/write permissions on the folder. Or you may not even have SQL Express installed on your machine, etc.

I would suggest you check the connection string and try to debug from there - for example, try to connect to that database (remote/local) or create that database (along with the required schema) if it does not exist. Change the connection string to a conventional one (instead of providing the file name) and so on...

See this article for more help regarding creation of database and schema needed for membership provider: http://www.asp.net/web-forms/tutorials/security/membership/creating-the-membership-schema-in-sql-server-cs

0
votes

I found out the issue here. I wasn't using (or at least trying to use) any Membership provider for my application, but I was using the built-in Login control for my login page. I was handling the submit button OnClick event, which was working fine and redirecting when the credentials were valid but not redirecting when they were invalid, and I believe this was the root of the problem, as the Login.Authenticate event was being triggered but not handled. By reworking the code and using my own submit form instead of the Login control it worked fine.
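
An added example, not code from the question or any of the answers: handling the Login control's Authenticate event directly, which keeps the control from falling through to Login.AuthenticateUsingMembershipProvider (the frame visible in the stack trace), with the lookup done as a parameterized query rather than the {0}-formatted SQL in the first answer. The connection string name AppDb, the Users table and the PasswordSalt/PasswordHash columns holding a PBKDF2 hash are assumptions; the question only mentions username/password columns.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.UI.WebControls;

public partial class LoginPage : System.Web.UI.Page
{
    // Markup (assumed): <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" />
    // Once Authenticate has a handler, the control no longer calls the default SqlMembershipProvider.
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        Login login = (Login)sender;
        e.Authenticated = CheckCredentials(login.UserName, login.Password);
    }

    private static bool CheckCredentials(string userName, string password)
    {
        // "AppDb", Users, PasswordSalt and PasswordHash are assumed names, not from the question.
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        const string sql = "SELECT PasswordSalt, PasswordHash FROM Users WHERE Username = @username";

        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // The value travels as a typed parameter and is never concatenated into the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = userName;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read()) return false;            // unknown user: no row, no exception
                byte[] salt = (byte[])reader["PasswordSalt"];   // assumed to be at least 8 bytes
                byte[] stored = (byte[])reader["PasswordHash"];
                // PBKDF2 (HMAC-SHA1 on .NET 3.5); the iteration count is an assumed value
                // and must match the one used when the hash was stored.
                byte[] computed = new Rfc2898DeriveBytes(password, salt, 10000).GetBytes(stored.Length);
                return FixedTimeEquals(stored, computed);
            }
        }
    }

    // Compares every byte so the time taken does not depend on where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```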