Paddy Paddy - 1 month ago 10
ASP.NET (C#) Question

Strange Error On Failed ASP.Net Login

I've an ASP.Net 3.5 (C#) web application which uses Sql Server 2008 for its database. In that db is a standard users table with columns username/password and I have a simple login form to authenticate users. The login page simple queries the table for matching username/password combination for the values inputted. If a user enters a valid username/password it works fine and proceeds, however if an invalid combination for some reason it throws an error rather than simply finding no matches. The error is:


System.Web Message: Exception of type
'System.Web.HttpUnhandledException' was thrown. Stack trace: at
System.Web.UI.Page.HandleError(Exception e) at
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest() at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
ASP.login_aspx.ProcessRequest(HttpContext context) in
c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
Files\root\55c40ade\918a8ce7\App_Web_xyhtxem7.17.cs:line 0 at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously) Complete Error Text:
System.Web.HttpUnhandledException: Exception of type
'System.Web.HttpUnhandledException' was thrown. --->
System.Data.SqlClient.SqlException: Failed to generate a user instance
of SQL Server due to a failure in starting the process for the user
instance. The connection will be closed. at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject
stateObj) at
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) at
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection owningObject) at
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean redirectedUserInstance,
SqlConnection owningObject, SqlConnectionString connectionOptions,
Int64 timerStart) at
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String
newPassword, Boolean redirectedUserInstance) at
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo,
String newPassword, SqlConnection owningObject, Boolean
redirectedUserInstance) at
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool,
DbConnection owningConnection) at
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at
System.Data.SqlClient.SqlConnection.Open() at
System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context,
Boolean revertImpersonate) at
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) at
System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String
username, Boolean updateLastLoginActivityDate, Int32& status, String&
password, Int32& passwordFormat, String& passwordSalt, Int32&
failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount,
Boolean& isApproved, DateTime& lastLoginDate, DateTime&
lastActivityDate) at
System.Web.Security.SqlMembershipProvider.CheckPassword(String
username, String password, Boolean updateLastLoginActivityDate,
Boolean failIfNotApproved, String& salt, Int32& passwordFormat) at
System.Web.Security.SqlMembershipProvider.ValidateUser(String
username, String password) at
System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs
e) at System.Web.UI.WebControls.Login.AttemptLogin() at
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs
e) at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs
args) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) at
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace --- at System.Web.UI.Page.HandleError(Exception e) at
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest() at
System.Web.UI.Page.ProcessRequest(HttpContext context) at
ASP.login_aspx.ProcessRequest(HttpContext context) in
c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET
Files\root\55c40ade\918a8ce7\App_Web_xyhtxem7.17.cs:line 0 at
System.Web.HttpApplication


Any ideas what's happening?

Answer

I found out the issue here. I wasn't using (or at least trying to use) any Membership provider for my application, but I was using the built in Login control for my login page. I was handling the submit button OnClick event which was working fine and redirecting when valid credentials but not redirecting when invalid and I believe this was the root of the problem as the Login.Authenticate event was being triggered but not handled. By reworking the code and using my own submit form instead of the Login control it worked fine.