lithuin

Hello,

I'm hoping that this is in the right forum, but this is a bit of a weird question, I think.

I've got an asp .net website with a working membership system, using the sqlMembership provider. This is working properly without a hitch, but I am working on changing the system so that user membership information can be updated from an iSeries. This basically leaves me using Java and JDBC to call stored procedures to manage user data. This seems to work fine, in a general sense. I can modify data for existing users, and everything is hunky-dorey. The problem is that creating new users is a bit strange. It does work, and I can see the users on teh SQL server when I run the aspnet_Membership_GetAllUsers stored procedure, but I can not get users created this way to validate and log in to the website. I'm thinking the problem is in the way I'm calling the aspnet_Membership_CreateUser stored procedure. I've included what believe to be the relevant code below. I'm guessing the problem is related to the password salt and the password format.

I do understand that this stuff is technically supposed to be more back-end and not ran directly, but since writing C# on the iSeries is not an option, this is what I'm left with. It seems like it should work, and in fact, nearly does.

Thanks in advance for any assistance,

Daniel

web.config

<membership defaultProvider="myProvider">
<providers>
<add name="myProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="myConnectionString"
applicationName="myApplication"
minRequiredPasswordLength="8"
minRequiredNonalphanumericCharacters="0"
requiresQuestionAndAnswer="false"
enablePasswordReset="false" />
</providers>



Stored Procedure

DECLARE @currentDateTime datetime;
DECLARE @results int;

SET @currentDateTime = GetDate();

EXEC @results = membershipDB.[dbo].[aspnet_Membership_CreateUser]
@ApplicationName = N'myApplication', @UserName = @parmUserName,
@Password = @parmPassword, @PasswordSalt = '',
@Email = @parmEmail, @PasswordQuestion = NULL,
@PasswordAnswer = NULL, @IsApproved = 1,
@CurrentTimeUtc = @currentDateTime,
@CreateDate = @currentDateTime,
@UniqueEmail = 1, @PasswordFormat = 1, @UserId = @UserId OUTPUT



Re: .NET Framework Data Access and Storage aspnet_Membership_CreateUser makes me cry.

jgalley

This is a shot in the dark as I have not looked "under the hood" at the membership stuff...

But, if you are setting the salt to an empty string, then I think you might want to switch to plain text (unencrypted) passwords ...

PasswordFormat = 0





Re: .NET Framework Data Access and Storage aspnet_Membership_CreateUser makes me cry.

lithuin

Well, that actually brings up another question for me. I can't find a reliable description of that field as it's used. If 0 is plain, is 1 encrypted, or just hashed If I were to keep it at one, do I just enter arbitrary text in the salt field Do I need to then set that anywhere as well in my web.config

Would 2 be encrypted I'm not exactly certain how I would go about implementing this. I believe when I set it to 2, I get the following error when I attempt to log in:

You must specify a non-autogenerated machine key to store passwords in the encrypted format.
Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key.


I'm not exactly certain what that error wants me to do. Would this also be a change in the web.config

Thanks for the shot in the dark.




Re: .NET Framework Data Access and Storage aspnet_Membership_CreateUser makes me cry.

yuc007

Here is the def of the fields used and what the sp does

http://msdn2.microsoft.com/en-us/library/aa478949.aspx

if you dont want to change anything you could just set the format to plain text and use it like that, saving plain text password is not recomended though.

Hope it helps