We have a standard ASP.NET MVC 3 website. From a few days ago some uses cannot login or recover password anymore.
When trying to login they get the following error:
Login failed. Please correct the errors and try again.
•The user name or password provided is incorrect.
When trying to recover password they get the following error:
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
In the web server event viewer we see:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 4/29/2013 4:22:16 AM
Event time (UTC): 4/29/2013 8:22:16 AM
Event ID: 2b0b4500be674969a5962608df7b18fd
Event sequence: 142
Event occurrence: 2
Event detail code: 0
If we try to register a new user afterward we can login and reset password without problems.
Why only some users get the issue above?
We checked many articles on the internet but explain only to solve this issue for all users, not only for some of them.
Thanks.
For some reason we where not getting the LockedOut exception but simply the "Invalid username or password" error. Now we will investigate on the reason.
Related
I have added login throttling to my symfony app. If I try to log in 5 times in a row in the same minute with invalid credentials I have a TooManyLoginAttemptsAuthenticationException in the onAuthenticationFailure method of my authentificator, so far so good.
But if I try to login with correct credentials in the same minute after the TooManyLoginAttemptsAuthenticationException I was expecting to have the same error but I'm actually successfully logged in.
Am I missing Something ?
Trying to log in using the Google Identity Toolkit with an AOL email returns "Error code: Error code: 2.":
https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=<key> 503 ()
[identitytoolkit] createAuthUri: {"error":{"code":503,"message":"Error code: 2","errors":[{"message":"Error code: 2","domain":"global","reason":"backendError"}]}}
No opportunity to enter in a password. This error is shown prior to getting the chance to enter your PW. I do not have AOL enabled as one of my login providers in my config and this was previously working for users. Looks like the same issue was discussed in this post: Google Identity Toolkit returns error 2 when signing in with aol email Id
It seems to be an issue still or broke again. Anyone know how to resolve?
I'm trying to setup my Google Identity Toolkit so users can reset their passwords. I'm following the documentation here: https://developers.google.com/identity/toolkit/web/required-endpoints#send_email_url
I'm using the PHP Gitkit Client outlined here: https://github.com/google/identity-toolkit-php-client/blob/master/src/GitkitClient.php
Specifically the function getOobResults() on line 307 seems to be unhappy for some reason. Here's where I'm at:
User sets up account and logs in successfully
User then logs out and starts to log back in, enters email in and clicks "Forgot password"
reCaptcha is shown, click check box and then hit continue
At this point my 'Send Email URL' endpoint (gitkitEmail.php) is successfully called and the following POST is set to it (dropping the full '&response' param since it goes on for a while):
action=resetPassword&email=xodfebefa%40nada.ltd&challenge&response=03ACgFB9tGlNt2KAGhrVY....
I then take that string and parse it using parse_str(); since getOobResults() is looking for an array. However, response I get back is always:
{
"response_body": {
"error": "CAPTCHA_CHECK_FAILED"
}
}
I searched around but can't find any details on this error. Any help would be appreciated. I don't have a reCaptcha setup anywhere on my site, unsure if this is expecting me to do that and that's why it's failing? Also, I did bump all my code to a production environment and got the same error there as I did on my localhost.
We're seeing lots of events like these even though we have authentication set to "None":
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 12/3/2013 12:50:06 PM
Event time (UTC): 12/3/2013 6:50:06 PM
Event ID: 9a0cc0c93a964b1c9bd7126dc367b09b
Event sequence: 163807
Event occurrence: 23853
Event detail code: 50201
Application information:
Application domain: /LM/W3SVC/1/ROOT/BG-4-130305700816025855
Trust level: Full
Application Virtual Path: /BG
Application Path: D:\inetpub\wwwroot\BG\
Machine name: ***
I even double-checked in IIS Manager at the site and server level and the GUI shows Forms Authentication set to Disabled.
This is using asp.net 4.0 running on Server 2008 R2. I tried adding a machineKey to machine.config just to test but it still fails. It doesn't seem like all requests are failing since I only see the error once a minute but I can't isolate which ones are failing. I even tried using Fiddler to send a bogus .ASPXAUTH cookie but I didn't see any new errors in the event log that match up with my request.
Anyone have any ideas?
Thanks,
tim
Getting 401 errors when trying to use ASP.NET back end in load balanced environment (2 web servers). Windows log says:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 6/6/2012 10:34:27 AM
Event time (UTC): 6/6/2012 5:34:27 PM
Event ID: de68a535d53e4bdfb11ace24a97c63c9
Event sequence: 18
Event occurrence: 7
Event detail code: 50201
Machine key on both IIS applications configured to be same. What else can cause this problem?
As it turned out two web servers had slightly different set of windows patches installed. As soon as we installed all same patches on both of them - problem was solved.