ASP.net Web Administration Tool Forgetting users?

Hey guys this is a weird issue I am having. I am using the built in ASP.NET Web Administration tool to allow users to login to the page I have created for my work. So far there are only 4 people who log into the tool on a daily basis. The logins work great, but once in a while someone can no longer log into the system. It has happened about 3 times now, so I am beginning to think that it isn't them just forgetting their passwords.

After the first time this happened, I set up the password recovery tool, but even that doesn't work. Putting in the username just results in the "We were unable to access your information. Please try again." error which is weird because when I go into the backend the user is still in there. So, I have to delete the user and recreate it, which works for now because we are not using the logins for anything other then logging in, no information is linked to the users. That could be an issue in the future if we scale it up.

I was wondering if anyone has had a similar issue, or knows what the issue may be? I tried to research it some, but I could not find much, or I was just looking under the wrong search terms. I am using Visual Studio 2010 Express and all of the login forms are the built in controls with the default settings.

Let me know if you开发者_StackOverflow need any other further information.

From the web.config file:

<identity impersonate="true"/>
<authentication mode="Forms">
    <forms loginUrl="~/marcalendar/login.aspx"/>
</authentication>
<authorization>
    <allow roles="admin" />
    <allow roles="users" />
<deny users="?"/>
</authorization>

I think the most likely issue here is that your Users are getting locked out (the default configuration of ASP membership doesn't give very clear feedback on why a login attempt is failing, just that it failed), rather than the aspnetdb somehow losing / messing up the user information - although I guess anything is possible :-).

Look in the Web.Config file at the root level of your project. You should see something like this:

<configuration>
    ...Some other stuff here...
    <system.web>
        ...Some other stuff here...
        <membership>
            <providers>
                <clear/>
                <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
            </providers>
        </membership>

The <add name=.../> is the important part there. You see a bunch of tuning parameters for your login settings. The important ones here are

• passwordAttemptWindow="10", AND
• maxInvalidPasswordAttempts="5".

This means that if a user incorrectly enters their password 5 times in a 10 minute period, they are locked out (you could programmatically check this using the MembershipUser.IsLockedOut property).

If that is the problem, you need to implement the MembershipUser.UnlockUser method (let me know if you need help with this part as well). Then you can just use code like this:

MembershipUser usr = Membership.GetUser(userName); //userName is a string variable containing the username you're trying to unlock
usr.UnlockUser();

If this is not the problem, let me know and I can Edit / Delete this Answer.