Problems Integrating /w Existing SQL DB

Apr 29, 2010 at 7:48 PM
Edited Apr 29, 2010 at 8:43 PM

I have an existing database which is already using the default SQL Membership & Role providers and I want my new BlogEngine installation to use this database.   I ran the necessary scripts to populate the database with the schema needed for BlogEngine.  I updated the web.config so that BlogEngine references the existing database.  Everything up to this point seems to be working.

I open the 'ASP.NET Configuration' page and it is properly reading from my existing database because I can see all existing users.  I created a new role called 'Administrators' and created a new user called 'admin' with the 'Administrators' role.  When I login with this [newly created] user he can properly access the administrative components of the blog.  Now the problem...

Although I can login with users that I now add to the database (after BlogEngine installation), I cannot seem to login with any users that previously existed in the database.  Even if I assign the 'Administrators' role to the pre-existing user, login doesn't work.  The only differences I could find between the two sets of users is that my pre-existing users were added with Encrypted passwords while BlogEngine.net uses hashed passwords by default.  So, I reconfigured BlogEngine.net to use Encrypted passwords, created new users who then work, but still cannot login with pre-existing users.  I also made sure the ApplicationIDs match for old and new users, which they do.

I'm completely stuck here.

 

 [EDIT]

Ok I think I discovered the problem, although I'm not sure how to fix it... the only users BlogEngine will recognize are those created with hashed passwords.  My pre-existing users were created with Encrypted passwords, so even if I add "passwordFormat=Encrypted" to the web config for the SQL provider in BlogEngine, it still won't recognize my pre-existing users. 

1.  Users that I add with hashed passwords work just fine.

2.  Users with encrypted passwords (whether they already existed, or I add them now) cannot successfully login, even with "passwordFormat=Encrypted".

 

So my question then becomes... how do I configure BlogEngine to recognize users with Encrypted passwords and allow them to login?

Coordinator
Apr 30, 2010 at 1:17 PM

It appears the XmlMembershipProvider and DbMembershipProvider in BE have not implemented the 'encrypted' password format.  It's the same code in both providers, which is:

 

if (config["passwordFormat"] == null)
{
	config["passwordFormat"] = "Hashed";
	passwordFormat = MembershipPasswordFormat.Hashed;
}
else if (String.Compare(config["passwordFormat"], "clear", true) == 0)
{
	passwordFormat = MembershipPasswordFormat.Clear;
}
else
{
	passwordFormat = MembershipPasswordFormat.Hashed;
}

You can see it deals with the Hashed and Clear formats -- but not encrypted.  You could implement the encrypted format.

But an easier way to deal with this would be to switch to the standard SQL Membership and Role providers.  See this page in the documentation.  There's really not much needed to switch, actually -- especially if you already the DB tables setup.  It's mainly just a matter of adding the providers in the <providers> section and making them the defaultProvider.

The only thing to watch out for (that I can think of now) is to make sure you add the Administrators and Editors roles to the roles once you've switched over to the standard SQL Membership and Role providers.

 

Apr 30, 2010 at 2:06 PM
Edited Apr 30, 2010 at 2:10 PM

Ben,

I'm already using the standard SQL Membership & Role providers.   If I create new users using hashed passwords (and in the appropriate role) everything works fine, but if I create new users using encrypted passwords (or if I try to login with pre-existing users who were created using encrypted passwords) then it absolutely won't let me login.  Here is a snippet from my web.config, the only file I've edited thus far:

<BlogEngine>
  <blogProvider defaultProvider="DbBlogProvider">
    <providers>
      <add name="XmlBlogProvider" type="BlogEngine.Core.Providers.XmlBlogProvider, BlogEngine.Core"/>
      <add name="DbBlogProvider" type="BlogEngine.Core.Providers.DbBlogProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
    </providers>
  </blogProvider>
</BlogEngine>

<connectionStrings>
  <clear/>
  <add name="BlogEngine" connectionString="Data Source=BRADCPU\SQLEXPRESS;User ID=BEUser;Password=password;initial catalog=CSWR-1-0-1;" providerName="System.Data.SqlClient"/>
</connectionStrings>

<membership defaultProvider="SqlMembershipProvider">
  <providers>
    <clear/>
    <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="BlogEngine" applicationName="/" />
    <add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" passwordFormat="Hashed"/>
    <add name="DbMembershipProvider" type="BlogEngine.Core.Providers.DbMembershipProvider, BlogEngine.Core" passwordFormat="Hashed" connectionStringName="BlogEngine"/>
  </providers>
</membership>

<roleManager defaultProvider="SqlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">
  <providers>
    <clear/>
    <add name="SqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="BlogEngine" applicationName="/"/>
    <add name="XmlRoleProvider" type="BlogEngine.Core.Providers.XmlRoleProvider, BlogEngine.Core" description="XML role provider"/>
    <add name="DbRoleProvider" type="BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" connectionStringName="BlogEngine"/>
  </providers> 

</roleManager>

 

 

Apr 30, 2010 at 4:53 PM

Ok I believe I've resolved the problem.  I maybe should have mentioned that I was running BlogEngine as sub-application to a pre-existing application.  Anyways, in the tutorial you referenced suggested to add the following line to the web.config:

<machineKey decryptionKey="AutoGenerate,IsolateApps"/>


Adding that line made BlogEngine throw exceptions when I tried to create new users though the 'ASP.net Configuration' website, however it gave me an idea.... I deleted the machineKey that shipped with BlogEngine then copied the machineKey from my parent (pre-existing) application into the web.config for BlogEngine.  When I did this everything started working as expected, I could create new users with Encrypted passwords and login successfully.  Plus, I could login with users that were already in the database.

Thanks for the help.