2.0 RC - unable to successfully create new users when using SQL Server membership provider

Topics: ASP.NET 2.0
Dec 15, 2010 at 11:43 PM
Hi, I am using the 2.0 RC. I have set up MSSQL Server for both user database and blog database When I create users using the visual studio admin tool in the Administrator group, everything works fine - I am able to log in, create pages/posts etc. However, when I try to create a user using the blogengine admin page, I get the following error: "Could not create user: Bex : The user 'Bex' is already not in role 'Administrators'. " If I leave the 'create user' page and the go back to it, then user 'Bex' shows up in the list of users (I can also see the user if I log into the database using an SQL client). However, I am unable to log into the blogwith this user. I am doing something wrong, or is this a fairly major issue?
Coordinator
Dec 16, 2010 at 7:06 AM

Thanks very much for the report.  I confirmed this is a problem.  It's fixed in 2.0.0.21 and the fix will be included in the final BE 2.0.

The user was being created, but the roles were not being assigned.  As a quick fix, you can fix it by modifying UserService.cs in the App_Code folder.  In the Add() function, is this line of code:

Roles.RemoveUserFromRoles(user, Roles.GetAllRoles());

Deleting that line will avoid the error, and the roles will be assigned without error.  You should then be able to login.

Incidentally, if after trying to login, you're still at the login page, this may be because it is trying to send you to a page you are not authorized to use, and it kicks you back to the login page -- depending on what role(s) the user is assigned to.  I ran into this.  In this case, you can click "Return to blog" in the upper right corner of the login page.  This will take you to the homepage ... you'll already be logged in at this point.

Dec 16, 2010 at 6:24 PM

Hi Ben,

Just to confirm that I commented out the code that you indicated, and now adding users works fine and I can log in with that user.

I am glad you pointed out about being kicked back to the login page as I ran into this too.  Seems like a bad user experience.  Any plans to fix this? (i.e. automatically return the user to the blog in this situation - although I guess it might not be a real world use-case and only Administrators testing new accounts are likely to run into it).

Thanks for your help.

Coordinator
Dec 16, 2010 at 6:34 PM

Great, thanks for testing.

After writing my reply here, I was thinking how it might be good to change how that works.  It's only confusing when the person is on the login page, enters their information, clicks the Login button, is redirected to an admin page, and then is kicked back to the login page.  A lot of people don't even realize they were redirected, and think there is a problem logging in.

I think I will do something about this ... at least for this particular type of scenario.

Jan 12, 2011 at 5:17 PM

hi guys,

I'm currently in the process of upgrading our company blog from blogengine.net 1.6 to the newly released 2.0.

It was a struggle to start, but I'm almost there.  I've solved most of the issues I was having except for when I try to create a new user within blogengine's own interface; I get the error "Could not create user: XOXO: The password-answer supplied is invalid.".   When I created the first user using Visual Studio, the page where I added it had two more fields on it than what's on blogengine's: "Security Question" and "Security Answer".

I have it set up on my machine (Windows 7; Visual Studio 2010).

Coordinator
Jan 13, 2011 at 7:49 AM

BE isn't using the security question & answer feature of membership.  So there are no fields for you to enter a security question & answer.

What membership provider are you using?  AspNetSqlMembershipProvider?

If you do not need the security question and answer, you might want to try setting "requiresQuestionAndAnswer" to false (if you're using the AspNetSqlMembershipProvider).

<add name="AspNetSqlMembershipProvider" .... requiresQuestionAndAnswer="false" />
Jan 13, 2011 at 1:30 PM

Thanks for the reply Ben. 

I was using "MSSQLMembershipProvider" with type "System.Web.Security.SqlMembershipProvider".  Our blog was on version 1.5 or 1.6, it was hard to tell, but we implemented it just a year or so ago.  I went and looked at its web config and looked around what it was using.  it was using "DbRoleProvider" instead of type "BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core", which when I implemented on my BE 2.0 version made it not ask for the security question and answer.

Although, I'm glad that if I were to use the other one again for some reason that there is something I could do to disable it in the configuration.

I have successfully got it fully upgraded and working on my machine right now.  I am yet to do a test on the server before fully upgrading it.

Thanks again Ben for the quick response.

 

Regards,

Donald G.
Web Developer
Intelex Technologies Inc.
http://blog.intelex.com
http://www.intelex.com

Feb 23, 2011 at 6:13 PM

I received a similar error having just installed version 2.0.0.36. I converted the web.config to be .NET 4.0 specific and installed the SQL Server ASP.NET security model database from the 4.0 Framework version. When  I switched to using SQL Server for security, I used the asp.net configuration tool to add a new user, which worked fine. However, creating user through the BlogEngine site comes up with the error message below:

ERROR MESSAGE: Could not create user: TestUser : The password-answer supplied is invalid.

Is this error message coming out of the database? Is there a difference in using "aspnet_regsql.exe" from the 4.0 framework over the 2.0 framework?

Kyle K.
FireSide Experience, LLC


Feb 23, 2011 at 6:32 PM

Kyle,

It's not coming from the database.  If you already have a database of users, you should use "DbRoleProvider" of type ""BlogEngine.Core.Providers.DbRoleProvider, BlogEngine.Core" instead.  That will allow you to continue using your current users from your existing users table.

That message is produced by the "MSSQLMembershipProvider" provider you're using because the way it's setting up users is rather new.  And because of that, you have to perform extra steps in the database to make that particular provider work for you to create users.  You actually don't need to use this provider if you're upgrading from a previous version.  Just try using "DbRoleProvider" instead.

 

Regards,

Donald G.
Web Developer
Intelex Technologies Inc.
http://blog.intelex.com
http://www.intelex.com