I feel dumb, but I can't login

Topics: ASP.NET 2.0
Apr 13, 2007 at 1:08 AM
I was trying to mess with this blog locally, but can't seem to login to the admin section using the default login or even chaning or adding one.

When i try to log in it just refreshes the page basically.
Apr 13, 2007 at 3:17 AM
Yeah, I tried that too... Actually a lot of things didn't work.

I accidentally found out that all the files were set to read-only. Right click on the BlogEngine folder, unselect the read-only box and apply to all subfolders and files, and everything should work again.
Apr 14, 2007 at 1:28 AM
Same here... I ensured read-only is set on all folder... and even gave write permissions to the ASP.NET user on the App_Data folder, but nothing.

I added a user to the users.xml file and the user does properly show as an author, so it seems to get to the App_Data folder correctly...but however, unable to login.

The only mod I made to the web.config file was take out the <trust level="high"/> line, since it breaks other things on my site... could that be it...? Anyone else with this issue...?

Apr 14, 2007 at 9:21 PM
Yeah, I can't login either. The weird thing is that I update the users.xml file with my username and password to my web host, can't log in. However, I then change the users.xml file back to admin/admin and I can log in with the credentials I originally had, but then when I try and delete posts it asks me to log in again... very frustrating.
Coordinator
Apr 14, 2007 at 10:09 PM
Edited Apr 14, 2007 at 10:54 PM
I'm sorry you are having trouble getting authenticated. In the early going, I had some issues as well. For me, it boiled down to write permissions as the users.xml file is written to every time you log in.

As veccie wrote, you need to confirm that the files are not set to read only.

Also, my hosting provider (WebHost4Life) gives all sorts of permission option for folders, but the only one that worked for allowing write access to the AppData folder was user "NetworkService" needed write permissions. I'd suggest trying other permission options as the ASP.NET user didn't help the permissions issues for me.

If these two things don't solve your problem, contact me through this site (or my site) and I'd be willing to try to help. I'd like to learn what else might be causing trouble so we can make it easier for others moving forward. If you contact me, please let me know what release you are using and if it works locally for you (started from VS2005).
Apr 15, 2007 at 3:08 AM
Edited Apr 15, 2007 at 3:09 AM
RazorAnt,

That did it. Giving the Network Service User (instead of ASP.NET user) write permissions to the App_Data folder allowed me to log in.

Now playing with permissions to allow attachment of an image/file to a post... will post again if unable or when I find what works...

Thanks.
Jun 10, 2007 at 11:49 PM
I am not having any luck with this.

I am able to run the site locally and after giving the Network Service full control on the App_Data folder I was abl to login however I am not having the same result on my Web Server.

My Web Server is a dedicated server running Windows 2003 Server with .NET 1.1 and .NET 2.0 using the Plesk frontend for administration. I did the following to get the engine working:

Logged into my Web Server and downloaded BlogEngine 1.0, exrtacted the web files to a folder in the root of my personal domain.
I used IIS Admin to create a web application out of the folder containing BlogEngine so it would execute under .NET 2.0
I set the permissions to App_Data giving the Network Service full access

The BlogEngine runs fine however I am unable to log in no matter what I try, I have even tried giving every account on App_Data full access and checked the child objects to inherit the permissions however this has no affect.

Right now BlogEngine is just a pretty frontend that I can't do allot to! Short of having to edit it locally and upload it is there anything else I can try?

Fz

All the more reason to have a SQL backend, would avoid this hassle but is this going to affect file/image uploads?
Jun 11, 2007 at 12:46 AM
Okay I am having some strange results now.

I removed the uploaded blogengine files and then used the Plesk frontend web app to create a new folder under my domains root. Then I uploaded the contents of the blogengine folder into this new folder and used the frontend to assign the permissions.

Now this worked, I was able to log in however I have found something strange:

Regardless of what user credentials you enter into the users.xml file, you can still log in with Admin/admin. Removing all users from the users.xml files makes no difference, whichever new user you created cannot login as you have removed their login however the default Admin/admin account can.

Attempting to delete the Admin/admin account has no affect either... very strange.

Anyone seen this behaviour before? Doesn't make the site very secure if the default account can log in, I have tried searching the source code for anything but found nothing so can't blame it on some debug code ;)

Fz
Jun 11, 2007 at 12:52 AM

finalzero wrote:
Okay I am having some strange results now.

I removed the uploaded blogengine files and then used the Plesk frontend web app to create a new folder under my domains root. Then I uploaded the contents of the blogengine folder into this new folder and used the frontend to assign the permissions.

Now this worked, I was able to log in however I have found something strange:

Regardless of what user credentials you enter into the users.xml file, you can still log in with Admin/admin. Removing all users from the users.xml files makes no difference, whichever new user you created cannot login as you have removed their login however the default Admin/admin account can.

Attempting to delete the Admin/admin account has no affect either... very strange.

Anyone seen this behaviour before? Doesn't make the site very secure if the default account can log in, I have tried searching the source code for anything but found nothing so can't blame it on some debug code ;)

Fz


Okay found the culprit, its the IIS Cache thats causing the problem. Looks like I need to configure the Web Application settings as it doesn't seem to recognise any new changes to the web application e.g. adding a new user - only remedy seems to be to restart the blogengine.net application to resolve the issue.
Jun 22, 2007 at 8:43 PM
I can't log in using the username and password that I entered into the Users file. I even deleted the Users file, and was still able to login using "admin/admin." How do you clear this information out of the cache so that it uses the new information? This seems like a problem that should have been resolved at the 0.0 alpha stage...
Jun 23, 2007 at 12:07 AM

camainc wrote:
I can't log in using the username and password that I entered into the Users file. I even deleted the Users file, and was still able to login using "admin/admin." How do you clear this information out of the cache so that it uses the new information? This seems like a problem that should have been resolved at the 0.0 alpha stage...


Considering the "admin/admin" login would be defined in the users.xml file, deleteing the file woudn't somehow make you able to login. In any case, please provide some details as to what is happening other than "you can't login". Are you getting an error message(a) or any other details?
Sep 2, 2007 at 2:24 AM
I decided to give this thing another try. I downloaded the latest bits, uploaded them to my webhost (discountasp.net), opened the users.xml file locallly, changed the username and password to my own, uploaded the changed xml file, and attempted to login.

I get this message:

Your login attempt was not successful. Please try again.

Why does this not work? I followed the instructions to the letter.
Coordinator
Sep 2, 2007 at 11:24 AM
After you change the users.xml the web application needs to restart. Just re-upload the web.config or the BlogEngine.Core.dll and it will restart.
Sep 2, 2007 at 6:48 PM
Thank you!

That worked great, and was a very easy solution.

Have a wonderful day!
Jul 4, 2008 at 1:00 AM
Ok I tried everything suggested here. Permissions on the app_data folder.  think about it people.  the application is able to write to the file but logon is still not working?  that suggests to me that the problem has nothing to do with write permissions.

Anyway the thing i got to work in the end was the caching suggestion.  I changed the web.config file, just added a space, and then saved the file. loaded the app in a new browser and hey presto it recognised the new users.  I suspect that users in the system are being saved when the application starts and that this data isnt flushed until that application is restarted.

thanks for the caching suggestion. Would never have gotten this otherwise.  Cant believe this is not documented though???

nyway thatks again
Jul 4, 2008 at 5:20 AM
I just upgraded from the last 1.3 version to 1.4 and now I can't log in either. I tried renaming the web.config trick and still no luck. Any suggestions? Thanks!
Jul 4, 2008 at 6:03 AM


mattb123 wrote:
I just upgraded from the last 1.3 version to 1.4 and now I can't log in either. I tried renaming the web.config trick and still no luck. Any suggestions? Thanks!



Try to change password of admin account. That's how I solved the problem.
Jul 4, 2008 at 6:33 AM
Take a look in you web.config at:
<membership defaultProvider="XmlMembershipProvider">
            <providers>
                <clear/>
                <add name="XmlMembershipProvider" type="BlogEngine.Core.Providers.XmlMembershipProvider, BlogEngine.Core" description="XML membership provider" passwordFormat="Hashed"/>


*************************
passwordFormat="Hashed"/>
*************************

I bet your old web.config had it listed as Clear.

eastons

Jul 5, 2008 at 4:51 AM
My web.config has passwordFormat="Hashed", so I think I'm ok there.

How do I change the admin password without being able to log in? Edit a file somewhere?

Thanks!
Jul 5, 2008 at 6:02 AM
Check:  users.xml in the app_data folder.
Oh and what I meant earlier is check your old web.config( the one you created your accounts under ) to see if it had passwordFormat="Clear". If it did, mine did, you either have to change your new web.config to Clear or recreate all your accounts with passwordFormat="Hashed" by importing the users.xml from the web builds app_data folder into your own and logging in with admin/admin.


Jul 5, 2008 at 6:13 AM

Hi everybody. I really thank all of those who have made the blogengine software but I personally prefer to use a software which has almost no bug; I prefer to be charged for that since time is gold. Does anybody know any software which is reliable and is base on ASP.NET? I really need  a reliable blogging software even if I have to pay money for that; you know the fact that a software is free is not enough because we are really missing our time as time is not comparable with even gold I prefer to have an expensive software rather than a free one which is not frustrating. I don't want to be rude and really appreciate the work of the founders but as you see version 1.3... has still its own problems and then we see a new version with more problems; I think it is not fare just because the software is free since a lot of things are mentioned on the site to advertise this software and the related platform but when you come in things differ. So please accept my apologies for being direct but being a free software doesn't mean that the consumers are to face a lot of problems and especially no response just time consuming and all.
Again please accept my apologies for being direct and I suggest the authorities to reconsider their policies since an individual is a mobile advertisement especially in referral plans.
with all my heartiest respects
lovencare

Sep 12, 2008 at 9:31 PM
Edited Sep 12, 2008 at 9:41 PM

I understand exactly your point, but must say that "buying" a service does not makes the problems goes away. It only means that you can address your problem to someone that tries to take care of it.
You cannot find a software "witch has almost no bug", not in this realm, what you want is someone who takes care of the bugs if they exist and is a problem.
From what you are saying it seems like you want to buy a "solution", not a software. When you buy a solution you get the people who can fix problems in the package. And the "solution" could be blogengine + a company who has that software as a speciality.

To sum it up, you cannot buy a boxed product that fits you and your needs exactly, that has no problem to implement in your environment, that will function 100% all the time out of the box. But you can find companies and people that can give you that solution for you.

If time is money (and money is valuable for you) , I'm sure that BlogEngine + one good programmer will be your best shoot.

I'm from Sweden and English was not my best subject in school (really not) so please try to refrain to comment on grammar and spelling issues if its not positive. ;)

Nov 4, 2008 at 9:03 PM
Still the same issue, but even more complicated. I installed BE 1.4.5 in the root folder of one of my websites. 
At now the domain doesn't still exist, so the website is merely a website defined only in my shared virtual server (it's a Plesk virtual server with Windows Server 2003). 
After having uploaded all the files to the server via FTP, I have changed the access previleges of the App_Data folder - I didn't understand why some files or folders should change to readonly while uploading with an FTP client - and the BlogEngine seems to be running correctly, because the default.aspx page is loaded right.

When I login with the admin/admin credentials pair, the page seems to be reloaded without effect, as stated in most posts here in this thread. What's is even more strange, is the fact that the upper bar hyperlinks point to absolute URLs:

http://mydomainname.com/about.aspx
http://mydomainname.com/archive.aspx
and so on...

although the domain doesn't exist at now. I would have expected that those hyperlinks point not to absolute URLs, but to relative URLs, like:

about.aspx
archive.aspx

In fact I would like to test in depth the BlogEngine in order to verify that everything is working correctly from the Plesk site preview, whose URL should be:

http://11.22.33.44/$sitepreview/mydomainname.com/default.aspx

But the absolute URLs prevent BE from being tested with the Plesk site preview.

May 27, 2010 at 1:47 AM

Hi All,

I have some troubles to use blogengine.net on discountasp.net.

Please help for me...

Now my configurations are blogengine.web on discountasp.net under root folder.

When I call the website, the error messages appear like this...

Server Error in '/' Application.

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>


Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>

How should I solve? But in my local IIS server, there was no problem... what's wrong? @_@

Please help for me...

Thanks

Coordinator
May 27, 2010 at 5:09 AM

In your web.config file, change the customErrors tag so it is:

<customErrors mode="Off">

You should then get a real error message, instead of that generic error page.

May 27, 2010 at 5:36 AM
BenAmada wrote:

In your web.config file, change the customErrors tag so it is:

<customErrors mode="Off">

You should then get a real error message, instead of that generic error page.

Yeah... when I use like this... I got a new error message...

Configuration Error

<!-- body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px} b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px} H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red } H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon } pre {font-family:"Lucida Console";font-size: .9em} .marker {font-weight: bold; color: black;text-decoration: none;} .version {color: gray;} .error {margin-bottom: 10px;} .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; } -->

Server Error in '/' Application.

Configuration Error

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.

Source Error:

Line 7:  	</configSections>
Line 8:  	<BlogEngine>
Line 9:  		<blogProvider defaultProvider="XmlBlogProvider">
Line 10: 			<providers>
Line 11: 				<add name="XmlBlogProvider" type="BlogEngine.Core.Providers.XmlBlogProvider, BlogEngine.Core"/>


Source File: E:\web\myanmaraspn\htdocs\blogengine.web\web.config    Line: 9


Show Additional Configuration Errors:

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 47)
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 48)
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 60)
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 68)
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 76)


Version Information: Microsoft .NET Framework Version:2.0.50727.4016; ASP.NET Version:2.0.50727.4016

<!-- [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 9) at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal) at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject) at System.Configuration.BaseConfigurationRecord.GetSection(String configKey, Boolean getLkg, Boolean checkPermission) at System.Configuration.BaseConfigurationRecord.GetSection(String configKey) at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName) at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index) at System.Web.Configuration.RuntimeConfig.get_CustomErrors() at System.Web.Configuration.CustomErrorsSection.GetSettings(HttpContext context, Boolean canThrow) at System.Web.HttpResponse.ReportRuntimeError(Exception e, Boolean canThrow, Boolean localExecute) at System.Web.HttpContext.ReportRuntimeErrorIfExists(RequestNotificationStatus& status) - [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 47) at System.Web.Configuration.WebConfigurationHost.VerifyDefinitionAllowed(String configPath, ConfigurationAllowDefinition allowDefinition, ConfigurationAllowExeDefinition allowExeDefinition, IConfigErrorInfo errorInfo) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) - [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 48) at System.Web.Configuration.WebConfigurationHost.VerifyDefinitionAllowed(String configPath, ConfigurationAllowDefinition allowDefinition, ConfigurationAllowExeDefinition allowExeDefinition, IConfigErrorInfo errorInfo) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) - [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 60) at System.Web.Configuration.WebConfigurationHost.VerifyDefinitionAllowed(String configPath, ConfigurationAllowDefinition allowDefinition, ConfigurationAllowExeDefinition allowExeDefinition, IConfigErrorInfo errorInfo) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) - [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 68) at System.Web.Configuration.WebConfigurationHost.VerifyDefinitionAllowed(String configPath, ConfigurationAllowDefinition allowDefinition, ConfigurationAllowExeDefinition allowExeDefinition, IConfigErrorInfo errorInfo) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) - [ConfigurationErrorsException]: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. (E:\web\myanmaraspn\htdocs\blogengine.web\web.config line 76) at System.Web.Configuration.WebConfigurationHost.VerifyDefinitionAllowed(String configPath, ConfigurationAllowDefinition allowDefinition, ConfigurationAllowExeDefinition allowExeDefinition, IConfigErrorInfo errorInfo) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(XmlUtil xmlUtil, String parentConfigKey, Boolean inLocation, String locationSubPath, OverrideModeSetting overrideMode, Boolean skipInChildApps) --><!-- This error page might contain sensitive information because ASP.NET is configured to show verbose error messages using <customErrors mode="Off"/>. Consider using <customErrors mode="On"/> or <customErrors mode="RemoteOnly"/> in production environments.-->
Coordinator
May 27, 2010 at 5:50 AM

This error indicates you have BE installed in a sub-folder.  It looks like the sub-folder name is "blogengine.web".

There's two options:

1.  Install BE into the root folder of your website (not a subfolder).

2.  If you want to have BE installed in a subfolder, you'll need to mark that subfolder as an "application" in IIS.  If you have direct access to IIS, you can do that.  Or if your site is hosted somewhere, sometimes the host will have the option in their control panel to convert a sub-folder into an application ... or you might be able to ask their support department to convert the "blogengine.web" folder into an "application" in IIS.

May 27, 2010 at 6:06 AM

Oh! Thanks Ben Amada...

Actually I want to read about how to customize and deploy blogengine.net with discountasp.net.

cos i want to change themes etc...

and I want to redirect or something...

now my blog link is like this... www.sample.com/blogengine.web

it should be blog.sample.com or www.sample.com

that's why if u have any idea for reference or some website links...

Thanks... Ben Amada

Coordinator
May 27, 2010 at 7:52 AM

I have a couple of BE installations at Discountasp.net (DASP).

Option 1:  You could move BE into the root folder (www.sample.com).  If you want to do this, then just copy everything to the root folder, and delete the blogengine.web folder.  And you'll be done.

Option 2:  Or if you prefer to keep BE in a subfolder, you can do that.  You might want to rename "blogengine.web" to something like "blog".  Then in the DASP control panel, there's an option on the left side labeled "Web Application Tool".  If you go there, you'll have an opportunity to select the "blog" folder, and then click the "Install Application" button.  This will make the "blog" folder run as its own application.

May 27, 2010 at 9:22 AM

Hi,

Amada,

Correct! now it's working cos I did what u said.

Thanks.... a lot...

but i can access www.sample.com/blog like this...

actually i want www.sample.com

how should i redirect

cos... later i want to use subdomain... that's why... www.sample.com may be portal or forum

after that this blog may be blog.sample.com

but currently i dun have subdomain function... so how to redirect

 

Thanks for your time

Coordinator
May 28, 2010 at 11:19 AM

If you want to put the blog in the root directory, all you need to do is FTP the files directly into the root folder -- rather than uploading them into the "blog" subfolder.  If you do this, then you can delete the Web Application you created in the DASP control panel.  And you can also delete the entire "blog" subfolder.

If you want to use a subdomain like blog.sample.com, you could pay DASP an extra $5 a month (I think) to have unlimited subdomains.  Or you could purchase another hosting plan at DASP, and when you enter your domain name (when purchasing), you would want to enter blog.sample.com.  When you do this, your new hosting plan will be tied to blog.sample.com.

blog.sample.com can also be achieved via URL rewriting, but this can be a little more complicated.

Jun 7, 2010 at 6:02 AM

Need Help....

 

I had recently uploaded a blog on my site. Then for a month or two I did not opened it. Is there any possibility that the admin login or the user that I created gets expired?

As I am not able to login at my admin id also. What should i try to do ? Help needed urgently...

 

Thanks,

Singh

Jun 7, 2010 at 6:55 AM

Hi mail2rocketsingh;

 

It's not expired. I think you may be change your password after that you forgot. :D

If you didn't change any password. You can log in default admin password. Usrname : Admin, Password : admin

And you also can check default username password in App_Data folder\users.xml.

 

 

Jun 9, 2010 at 12:31 PM
Thanks buddy, I got the solution for it. I actually forgot the password. But now i have retrieved it. Thanks for your help and suggestion...