none
FBA will not log on; everything else is fine RRS feed

  • Question

  • Good Afternoon,


    I have a SharePoint 2010 Farm with a web application on the 20000 port that has been configured for FBA.  I did my configuration through IIS 7 and configured SharePoint to look to the aspnetdb for user authentication.  The connection seems healthy, and I am able to resolve users and roles in the SharePoint people picker.  However, when I go to log one of my test users in, it says my credentials are not good (check username and password).  Since these are test users, I am 100% sure of the password and usernames (and have double checked in SQL), yet I can't seem to get logged on as hard as I try. 

    Upon this login failure, the WFE server returns these errors in windows event viewer:

    Level: Information; Source: ASP.NET 2.0; Event ID 1315; Category: Web Event
    Event Data:


    4006



    Membership credential verification failed.



    1/10/2011 4:42:45 PM



    1/10/2011 9:42:45 PM



    62a2512d090246c7850c07be487d7bf1



    5



    4



    0



    /LM/W3SVC/2/ROOT/SecurityTokenServiceApplication-1-129391686877670803



    Full



    /SecurityTokenServiceApplication



    C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\



    DEV-SP3







    6592



    w3wp.exe



    OAKLEYTECH\spliaison1



















    False







    OAKLEYTECH\spliaison1



    aeinstein

    Note: spliaison1 is the identity of the STS service application; aeinstein is the denied FBA user

    Also recorded at the failed login is an unhandled exception error in the Claims Authentication category, which is much less useful (i would think)

     

    The procedure I've followed to setup FBA successfully in the past can be found here

     

    I would be greatful for any assistance!  Unfortunately this issue has monopolized most of my time today.

     

    TIA,

    PV

    Monday, January 10, 2011 9:50 PM

Answers

  • How did you create the user accounts? Did you create it directly in the database because if that is the case then most probably it won't work because the passwords might have to be encrypted.

    Here is what I would recommend -

    1. In the ASP.NET Web Application open the ASP.NET Configuration tool. It will open a site which will be connected to your SQL Server database.
    2. Delete the accounts you have created.
    3. Recreate the accounts again with passwords.

    The other possibility is the application ID might be wrong.

    Please let me know if this works. If it does not please paste your web.config file details for SQL Connection string and membership provider.

    Thanks!


    Ameet Phadnis (e Tek Global Inc.)
    • Marked as answer by pviii Tuesday, January 11, 2011 4:40 PM
    Monday, January 10, 2011 10:26 PM

All replies

  • Is the membership provider and sql connection string correct? I would recommend creating sample ASP.NET application and insert the membership provider and connection string information in that web.config file and try to login. If that works then there is some configuration issue on this SharePoint. If that does not work I think the issue is on the SQL Provider database.
    Ameet Phadnis (e Tek Global Inc.)
    Monday, January 10, 2011 10:00 PM
  • I have made a sample ASP.NET application, inserted the membership and role providers as well as the connection string.  I try to log into that new application and get the old " Your login attempt was not successful. Please try again"


    I agree that the issue is probably on the SQL provider db; how might i go about fixing this?  Or, might it be easier to eliminate that aspnetdb and recreate it using the asp-regsql.exe found in the ASP.NET framework?

     

    I appreciate your quick reply and insight; i am still a neophyte in the IT realm,  and will certainly use this ASP.NET application test in the future.  Thanks for the tip!

    ----PV

    Monday, January 10, 2011 10:19 PM
  • How did you create the user accounts? Did you create it directly in the database because if that is the case then most probably it won't work because the passwords might have to be encrypted.

    Here is what I would recommend -

    1. In the ASP.NET Web Application open the ASP.NET Configuration tool. It will open a site which will be connected to your SQL Server database.
    2. Delete the accounts you have created.
    3. Recreate the accounts again with passwords.

    The other possibility is the application ID might be wrong.

    Please let me know if this works. If it does not please paste your web.config file details for SQL Connection string and membership provider.

    Thanks!


    Ameet Phadnis (e Tek Global Inc.)
    • Marked as answer by pviii Tuesday, January 11, 2011 4:40 PM
    Monday, January 10, 2011 10:26 PM
  • Alright!  Making progress now...

    I had originally populated the membership with my test users using IIS.  I'm not sure what this means for password encryption...

    Through the ASP.NET web application tool, I changed the membership and role providers to that which I had setup for FBA and created a new user.  I then tried to log into SharePoint FBA web app with this user and it worked!  After I finished dancing, I checked the application IDs for the users I tried to log in with before and they matched that of the user I was able to log in with. 

    This leads me to believe that something has been changed on the SQL membership provider...  I can see no notable difference between the membership table entries for the users i made with IIS and the users made with the ASP.NET configuration tool.  I'll keep digging and see if I can figure out this last bit, but I thought I'd provide you with an update.

     

    Thanks again,

    PV

    Tuesday, January 11, 2011 3:43 PM
  • Were the passwords that were stored on SQL Server the same or different. Was the Password encrypted?
    Ameet Phadnis (e Tek Global Inc.)
    Tuesday, January 11, 2011 4:07 PM
  • the password was in SQL as I entered it in the ASP.NET tool, however there is a PasswordSalt column which is automatically generated and appears encrypted

    -PV

    Tuesday, January 11, 2011 4:23 PM
  • I have always used my sample ASP.NET application to create the initial users. Because it sets up the user the way it should be.

    Good luck. Happy SharePointing with FBA :)

    Thanks,


    Ameet Phadnis (e Tek Global Inc.)
    Tuesday, January 11, 2011 4:26 PM