U4-4793 - Created member in Umbraco admin and member added with no password

Created by Tim Peel 30 Apr 2014, 13:57:13 Updated by Richard Hamilton 10 Aug 2016, 10:31:32

Duplicates: U4-4765

In the members area of Umbraco. Right click to create a new member. Complete the form and choose a password. User created with empty password in the database record.

Trying to login via MembershipHelper.Login(username, password) then throws the exception:

{{[ArgumentOutOfRangeException: Index and length must refer to a location within the string. Parameter name: length] System.String.Substring(Int32 startIndex, Int32 length) +14274573 Umbraco.Core.Security.MembershipProviderBase.StoredPassword(String storedString, String& salt) +211 Umbraco.Web.Security.Providers.UmbracoMembershipProvider2.ValidateUser(String username, String password) +512 Umbraco.Web.Security.MembershipHelper.Login(String username, String password) +41 Client.UI.App.Controllers.AccountController.Login(LoginViewModel model, String returnUrl) in d:\........\Controllers\AccountController.cs:31 lambda_method(Closure , ControllerBase , Object[] ) +179 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +258 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +39 System.Web.Mvc.<>c__DisplayClass13.<InvokeActionMethodWithFilters>b__10() +124 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +799894 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +799894 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +799894 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func1 continuation) +799894 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +307 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +799960 System.Web.Mvc.<>c__DisplayClass1d.b__19() +40 System.Web.Mvc.Async.<>c__DisplayClass1.b__0() +15 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +65 System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +15 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +51 System.Web.Mvc.<>c__DisplayClass8.b__3(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass4.b__3(IAsyncResult ar) +15 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +51 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288}}

Check the member record in cmsMember DB table and the Password column is empty, the password chosen during user creation is not used.

Edit the member in the Umbraco member area and set a new password. The database is updated and the correct hashed password is set.

Comments

Tim Peel 30 Apr 2014, 14:49:29

I used "password" when creating the member and not the 4 character one generated by the UI.


Sebastiaan Janssen 30 Apr 2014, 15:18:33

Not sure what build you're on but we (very) recently fixed this and I do get a password in the db currently.


Tim Peel 30 Apr 2014, 15:28:42

umbraco.dll version 1.0.5192.31515

I installed via nuget (6.2 RC) on Monday and this was fixed a couple of days ago so looks like I just missed it.

Has the nuget package been updated?

Thanks


Sebastiaan Janssen 30 Apr 2014, 15:58:02

@Tim.Peel Nope, we're releasing final tomorrow.


Tim Peel 30 Apr 2014, 16:08:26

Great, will pick up tomorrow.


Richard Hamilton 10 Aug 2016, 10:31:33

@sebastiaan I am using Umbraco version 7.4.1 assembly: 1.0.5891.23238 And have started seeing this error on member login when overriding ValidateUser

public override bool ValidateUser(string username, string password) { return base.ValidateUser(username, password);

        }

[ArgumentOutOfRangeException: Index and length must refer to a location within the string. Parameter name: length] System.String.Substring(Int32 startIndex, Int32 length) +13742072 Umbraco.Core.Security.MembershipProviderBase.StoredPassword(String storedString, String& salt) +117 Umbraco.Core.Security.MembershipProviderBase.CheckPassword(String password, String dbPassword) +122 ECN.Web.App.Security.MembersMembershipProvider.ValidateUser(String username, String password) in C:\xxx\xxx\XXX\XXX.Web\App\Security\MembersMembershipProvider.cs:57 ECN.Web.Controllers.MemberLoginSurfaceController.MemberLogin(MemberLoginViewModel model) in C:\xxx\xxx\XXX\XXX.Web\Controllers\MemberLoginSurfaceController.cs:64 lambda_method(Closure , ControllerBase , Object[] ) +142 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +229 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +35 System.Web.Mvc.Async.AsyncControllerActionInvoker.b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +39 System.Web.Mvc.Async.WrappedAsyncResult2.CallEndDelegate(IAsyncResult asyncResult) +67 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +72 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +386 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +386 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +386 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +38 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +186 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38 System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +65 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38 System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +44 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +65 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +399 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +137


Priority: Normal

Type: Bug

State: Duplicate

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 6.2.0

Due in version:

Sprint:

Story Points:

Cycle: