Login Form Problems

What type of security provider are you using -> single, list, database?

Database

Then if it reports wrong user data, probably it really receives wrong data.

Please double check if you properly selected the database columns for user/password.

I have selected the correct table and included the login fields id, username, password

see setup of connection and form

Could it be that the script is expecting id as well?

@diggybob no. The login only expects username and password.
Maybe you are just entering wrong data…

I have taken a screenshot of a selection of usernames and passwords from the table and none of them work. I just always get “Unauthorized” for any.

I think I will go back to the start and build a second version from scratch making sure I am exact at every step in case I have left some rubbish script in there somewhere.

Hi Teodor

I have totally rebuilt the app about 4 times and always end up at the same place. Unable to login against the MS SQL database.

I have followed the instructions on the Wiki to the letter but still no luck. Previously I was getting no response from the form submission, now all I get is the Unauthorized Alert even though I am using the correct MS SQL credentials.

I am now convinced that the problem is not with the Wappler code but with the server itself. For some reason it is not allowing any attempt to Authenticate from my Wappler code. I have been onto the server IIS control panel and tried changing the Authentication settings, trying every possible combination. With some of these changes, I get a second Windows login form pop up over my form which also does not work. However now at least I do have the Alert running.

It seems that the Server is not testing the login against the database at all and is trying to authenticate as some form of local login.

For now, further development on my site must cease as the user login is the most fundamental part of the portal. I realise I can revert to a classic asp solution such as a pass-through page with a hand coded database lookup, session settings etc. much as I currently do but this means that Wappler would be of little help to me over say Dreamweaver.

I have now run out of ideas so if anyone else out there has faced this issue and found a solution I would love to hear about it.

Test site login page…

http://devtidyco.co.uk

Hi @diggybob

You should not enable this feature, it has nothing to do with the login form and login action you created. Please set your server settings back to default, so we can test what is wrong with your login action.

Hi Teodor, this was only one of the IIS setting changes I tested, the server is in fact set back to default settings and still I only get Unauthorized

What I meant was to remove the dialog from the server asking for authorization. I see you removed it now.

Please zip and send me the following file: dmxConnect/api/login/englogin.asp in a private message.

I am planning to duplicate the app on different web servers/databases and test again using different SQL servers and tables to see if I get the same result. I have 4 web servers running and 3 MS SQL installations which I control, so by cross-testing I should be able to rule out server/MS SQL config like this.

I don't think it's really server related. We will check the issue in the code, please just send me the file I requested.

I think I sent the zip file privately, not sure I did this correctly though.

For anybody else following the topic.

It seems @diggybob's clients are using a badly designed database table, which uses char(10) and char(20) field types instead of varchar(10) and varchar(20) for both username and password, which causes them to be stored like:

{
"id": 1,
"user_name": "user1     ",
"password": "password1           "
}

These empty spaces are then causing problems, as when you enter your username and password they don't match, simply because you don't enter 10 empty spaces after the username/password in the login form.

So that's why the login form was not working on his site.
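The mismatch described above, reproduced as an added example (not code from the thread or from Wappler): a constructed row with CHAR(10)/CHAR(20) padding, a check that reports which columns are padded, and an exact comparison beside one that strips the pad spaces first. The function names and the sample row are assumptions made for illustration.

```python
import hmac

# Constructed sample row, shaped like the one quoted in the thread:
# CHAR(10) / CHAR(20) columns come back right-padded with spaces.
ROW = {"id": 1, "user_name": "user1".ljust(10), "password": "password1".ljust(20)}


def padded_columns(row):
    """Return {column: trailing-space count} for string columns that carry padding."""
    return {
        col: len(val) - len(val.rstrip(" "))
        for col, val in row.items()
        if isinstance(val, str) and val != val.rstrip(" ")
    }


def naive_login(row, username, password):
    """Exact comparison against the fetched values: fails on CHAR(n) padding."""
    return row["user_name"] == username and row["password"] == password


def padding_aware_login(row, username, password):
    """Strip the trailing pad spaces added by the column type, then compare.

    hmac.compare_digest compares in constant time, so the check does not
    reveal how many leading characters matched. Note that a CHAR(n) column
    cannot tell padding apart from a value that really ends in spaces.
    """
    stored_user = row["user_name"].rstrip(" ").encode()
    stored_pass = row["password"].rstrip(" ").encode()
    user_ok = hmac.compare_digest(stored_user, username.encode())
    pass_ok = hmac.compare_digest(stored_pass, password.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    print("padded columns:", padded_columns(ROW))
    print("naive login:", naive_login(ROW, "user1", "password1"))
    print("padding-aware login:", padding_aware_login(ROW, "user1", "password1"))
```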

Can I just comment on this, in my opinion you should NEVER store passwords in unencrypted form. Most common encryption methods produce a fixed length encrypted password

For example
md5() = 32 characters
SHA256() = 64 characters
SHA512() = 128 characters

In each case varchar will work perfectly but as the length is fixed, a char of the exact length has some, albeit small, performance benefits

HOWEVER this only applies to fixed length passwords

2 Likes
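A fixed-length stored value that fills a char column exactly, as an added example that is not part of the original posts: it uses PBKDF2-HMAC-SHA256 from Python's `hashlib` with a per-user salt, a salted key-derivation function rather than the plain digests listed above. The iteration count, the column widths in the comments and the function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: tune to your login latency budget
SALT_BYTES = 16       # hex-encodes to 32 characters, fills a CHAR(32) exactly
HASH_BYTES = 32       # hex-encodes to 64 characters, fills a CHAR(64) exactly


def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex); both have a fixed length for any password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, ITERATIONS, dklen=HASH_BYTES
    )
    return salt.hex(), digest.hex()


def verify_password(password, salt_hex, hash_hex):
    """Recompute the hash with the stored salt and compare in constant time.

    strip() is a safety net for columns declared wider than the value:
    hex strings never contain spaces, so removing padding cannot alter them.
    """
    salt = bytes.fromhex(salt_hex.strip())
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, hash_hex.strip())


if __name__ == "__main__":
    salt_hex, hash_hex = hash_password("password1")  # constructed sample password
    print(len(salt_hex), len(hash_hex))
    print(verify_password("password1", salt_hex, hash_hex))
```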

I don't think @diggybob stores the passwords there. In our private conversation he explained that it's just his clients database that he connects to and he doesn't have access to their system.

Fair comment @Teodor, I wasn't criticising @diggybob specifically, just making a general comment to everyone about password storage and field types. It's not my place to judge anyone, only to give advice where I think it appropriate.

1 Like

Yes, of course Brian :) your advice is always welcome!

1 Like