Custom ASPNetMembership FailureInformation always null, OnValidatingPassword issue

Question

As stated here http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.onvalidatingpassword.aspx

"When the ValidatingPassword event has completed, the properties of the ValidatePasswordEventArgs object supplied as the e parameter can be examined to determine whether the current action should be canceled and if a particular Exception, stored in the FailureInformation property, should be thrown."

Here is some details/code which really shows why FailureInformation could be null http://forums.asp.net/t/991002.aspx

According with my Membership settings i should get an exception that password does not match password security conditions, but it is not happened.

Then i did try to debug System.Web.ApplicationServices.dll(in .NET 4.0 System.Web.Security located here) Framework Code to see whats really happens there, but i cant step into this assembly, may be because of this [TypeForwardedFrom("System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a")] public abstract class MembershipProvider : ProviderBase

Easily i may step into any another .NET 4.0 assembly, but in this one not. I did check, symbols for System.Web.ApplicationServices.dll loaded.

Now i have only one idea how ti fix it - to override method OnValidatingPassword(ValidatePasswordEventArgs e).

Thats my story.

May be some one may help:

1) Any ideas why OnValidatingPassword not working?

2) Any ideas how to step into it?

Answer 1

Have read this http://forums.asp.net/t/991002.aspx one more time. Here is my solution

    //Override OnValidatingPassword
    protected override void OnValidatingPassword(ValidatePasswordEventArgs args)
    {
        //Any logic to process password validation conditions
        //e.g:
        if (args.Password.Length < MinRequiredPasswordLength)
            args.FailureInformation = new ArgumentException(String.Format("Password is too short, min password length {0}", MinRequiredPasswordLength.ToString()));

        if (args.UserName == args.Password)
            args.FailureInformation = new ArgumentException(String.Format("Password should not be equal to username"));

        //Also here could be any logic to throw an exception if needed
        //e.g:
        if (args.FailureInformation != null)
            throw args.FailureInformation;

        //Calling base
        base.OnValidatingPassword(args);

        if (args.Cancel)
        {
            if (args.FailureInformation == null)
                args.FailureInformation = new ArgumentException(String.Format("Custom Password Validation Failure for password '{0}'", args.Password));

            throw args.FailureInformation;
        }
    }

Answer 2

You don't have to override the OnValidatingPassword method but as the documentation say you need to handle ValidatingPassword event. Check MembershipValidatePasswordEventHandler.

Use the .NET Reflector and inspect the ChangePassword method of SqlMembershipProvider class. You will see the SqlMembershipProvider doesn't have any handler registered for ValidatingPassword event.

So what I am thinking is in your custom membership provider's OnInit you register to Membership.ValidatingPassword and in the handler you do your coding. The sample example in the link above.

Hope I am not misunderstanding your question.

Answer 3

Your question seems to indicate you're using a Custom Membership provider? So I assume you're implmenting MembershipProvider directly?

class MyMembershipProvider : MembershipProvider{...}

In that case, OnValidatingPassword is never automatically called...you have to call it yourself.

So, basically I'm confused. Could you please clarify your setup? Are you using a default membership provider or a custom one? If custom, which class are you inheriting from?

As for looking at the code, you can use Reflector to do it.