Welcome Guest! To enable all features please Login or Register.
2 Pages12>
Options
View
Go to last post Go to first unread
Offline tecman  
#1 Posted : Friday, November 3, 2017 5:18:13 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
I can't login using my admin's username and password after upgrading to the v2.2.4.4. Is it a known issue?
I also tried to use the Lost Password function. It asked me the security question, but my answer was not accepted.
Fortunately, I am logged in in another browser, so I still can login to our forum there. I wanted to change the answer to security question, but I couldn't find this section in my forum profile. Can you help me with that?
Sponsor
Offline tha_watcha  
#2 Posted : Friday, November 3, 2017 9:28:57 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
I can't login using my admin's username and password after upgrading to the v2.2.4.4. Is it a known issue?
I also tried to use the Lost Password function. It asked me the security question, but my answer was not accepted.
Fortunately, I am logged in in another browser, so I still can login to our forum there. I wanted to change the answer to security question, but I couldn't find this section in my forum profile. Can you help me with that?


From which version did you upgrade? Did you override your old web.config?

Offline tecman  
#3 Posted : Friday, November 3, 2017 9:46:34 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
I upgraded from the v 2.2.3.0. As always, I added my personal settings to the fresh web.config from the full install package manually to use the latest version of web.config.
Offline tecman  
#4 Posted : Friday, November 3, 2017 10:09:28 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
I've managed to reset my password using the browser in which I was logged in.

Can you also tell me how I can change the security question and answer to it? Where can I find this user setting? Is it available at all after completing the registration?
Offline tha_watcha  
#5 Posted : Friday, November 3, 2017 10:49:26 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
I upgraded from the v 2.2.3.0. As always, I added my personal settings to the fresh web.config from the full install package manually to use the latest version of web.config.


Why did you use the full package, there is an upgrade package? I assume you override your machine key. That would be the reason why you cant login

Offline tecman  
#6 Posted : Saturday, November 4, 2017 3:34:32 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
Can you tell me more about this machine key?

As for the upgrade process I am using, I have been doing this from early times when I started to use YAF. Something went wrong with the upgrade first times, so I decided to do it manually using the full package. Add to this that I also fix some problems in original aspx files and do some personal settings in CSS every time before uploading the new version to the server.

Bump #2. Any chance to get answer to the following question?

Quote:
Can you also tell me how I can change the security question and answer to it? Where can I find this user setting? Is it available at all after completing the registration?
Offline tha_watcha  
#7 Posted : Saturday, November 4, 2017 7:53:46 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
Can you tell me more about this machine key?

As for the upgrade process I am using, I have been doing this from early times when I started to use YAF. Something went wrong with the upgrade first times, so I decided to do it manually using the full package. Add to this that I also fix some problems in original aspx files and do some personal settings in CSS every time before uploading the new version to the server.

Bump #2. Any chance to get answer to the following question?

Quote:
Can you also tell me how I can change the security question and answer to it? Where can I find this user setting? Is it available at all after completing the registration?


the security question, answer, password and password salt are saved in the yaf_prov_Membership table but all are stored encrypted via the machine key.

Offline tecman  
#8 Posted : Monday, November 6, 2017 9:16:40 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
You wrote that I could override the machine key. Can you tell me more about it? Does it mean that if I upgrade the way I described, all other users of my forum will also have login problems like me? Is there a related documentation I can read?
BTW, when I upgrade the way I do, I never change any specific setting in the forum .config files. I imply that this machine key is something related to the web-server (server name, OS version, something else) and not a thing coded in the .config files. With that said, I simply can't change this machine key with my actions!

As for the security question, ok, I understand that they are saved in a coded form in the db. However, if I have access to my account and can change almost anything in my profile, why can't I change the security question?? I would be glad if I could overwrite it with a new question/answer pair. Is it possible?
Offline tha_watcha  
#9 Posted : Tuesday, November 7, 2017 2:28:01 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
You wrote that I could override the machine key. Can you tell me more about it? Does it mean that if I upgrade the way I described, all other users of my forum will also have login problems like me? Is there a related documentation I can read?
BTW, when I upgrade the way I do, I never change any specific setting in the forum .config files. I imply that this machine key is something related to the web-server (server name, OS version, something else) and not a thing coded in the .config files. With that said, I simply can't change this machine key with my actions!


The machine key is really important it encrypts the password, the security question and answer and also the viewstate of the page. The Install Instructions of the forums contains how to set up a machine key for the site. Do you have the old web.config before you upgrade, to check if the machine key was set in the web.config?

If the machine key was not set, I changed the hashAlgorithm for the encryption in the new web.config for new Installs. So you might need to check the membership connection string

Originally Posted by: tecman Go to Quoted Post

As for the security question, ok, I understand that they are saved in a coded form in the db. However, if I have access to my account and can change almost anything in my profile, why can't I change the security question?? I would be glad if I could overwrite it with a new question/answer pair. Is it possible?


The Password and the Security Question/Answer are all stored encrypted via the machinekey. The only way to overwrite it directly in the db is to generate a new one via the API or you create a new user with the password and Security Question/Answer and you copy over the hashed entries from that user to your user account.

Offline tecman  
#10 Posted : Tuesday, November 7, 2017 10:28:22 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
Please, give me a link and/or tell me where I can find detailed information about the installation process and this machine key.

I compared the recommended.web.config from the v2.2.3 and 2.2.4.4 installation packages and found this <machineKey> node. As I see, I have never changed its validationKey and decryptionKey attributes. The whole node is even commented out!

Quote:
If the machine key was not set, I changed the hashAlgorithm for the encryption in the new web.config for new Installs. So you might need to check the membership connection string


Where can I find this membership connection string?

Quote:
The Password and the Security Question/Answer are all stored encrypted via the machinekey. The only way to overwrite it directly in the db is to generate a new one via the API


Why can't we do that in the interface??
Offline tha_watcha  
#11 Posted : Tuesday, November 7, 2017 10:46:37 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
Please, give me a link and/or tell me where I can find detailed information about the installation process and this machine key.


In the documenation

https://github.com/YAFNET/YAFNET/wiki/Installation

Originally Posted by: tecman Go to Quoted Post

Quote:
If the machine key was not set, I changed the hashAlgorithm for the encryption in the new web.config for new Installs. So you might need to check the membership connection string


Where can I find this membership connection string?


Sorry i forgot to mention, it is also in the web.config

Originally Posted by: tecman Go to Quoted Post

Quote:
The Password and the Security Question/Answer are all stored encrypted via the machinekey. The only way to overwrite it directly in the db is to generate a new one via the API


Why can't we do that in the interface??


Yes thats a good question, i add it to my to do list
Offline tecman  
#12 Posted : Tuesday, November 7, 2017 10:55:12 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
Even after reading the installation instructions using the provided link, I confirm again that I never changed the machine key hard-coded in the web.config files I have.

Do you want to say that I could not log in because a security algorithm has changed since the v2.2.3?
Offline tha_watcha  
#13 Posted : Tuesday, November 7, 2017 11:05:25 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Originally Posted by: tecman Go to Quoted Post
Even after reading the installation instructions using the provided link, I confirm again that I never changed the machine key hard-coded in the web.config files I have.

Do you want to say that I could not log in because a security algorithm has changed since the v2.2.3?


But did you change the membership connection string? you would only need to change it back then you can log in again

Offline tecman  
#14 Posted : Tuesday, November 7, 2017 11:12:50 AM(UTC)
tecman


Rank: YAF Commander

Reputation:

Joined: 9/20/2013(UTC)
Posts: 98

Thanks: 8 times
Are we talking about the membership node from web.config?

In the v2.2.3 installation package it was

<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA1">

In the v2.2.4.4 it is

<membership defaultProvider="YafMembershipProvider" hashAlgorithmType="SHA256">

I guess, this is the diff that caused the problem?
Offline tha_watcha  
#15 Posted : Tuesday, November 7, 2017 11:25:16 AM(UTC)
tha_watcha


Rank: YAF.NET Project Lead

Reputation:

Medals: Medal of Honor: Portal Puzzle Master: Portal Puzzle Master for DNNMedal of Honor Key: Given to pillars of the community who are key players in the YAF community and project.DNN Master: DNN Module ManBug Killer Medal of Honor: Medal for being a kick-ass bug killer!Medal of Honor for the Support King: Support King! Amazing asset to the YAF.NET Community.

Joined: 3/6/2010(UTC)
Posts: 3,721
Germany

Thanks: 70 times
Was thanked: 1147 time(s) in 977 post(s)
Yes looks like the problem.
Rss Feed  Atom Feed
Users browsing this topic
2 Pages12>
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Notification

Icon
Error