asp.net wrong password just logs me in

Question

i have a simple website with asp.net membership authentication, so some reason which ever password i type for any user just logs me in. Whether i type fffffffff or 55555555 as the password for any user, am just loggedin.

The wasn't behaving this way just 1 day back. Any ideas what could be wrong, or where i should start troubleshooting from?

the website is just still on developer machine, its not a live site. — Katu, Sep 21 '10 at 10:57
exact duplicate of http://stackoverflow.com/questions/3758462/old-password-still-working-after-password-change-in-asp-net-membership. @Katu - ask the question once. — RPM1984, Sep 21 '10 at 11:03

score 2 · Answer 1 · answered Sep 21 '10 at 11:13

Make sure you have:

<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
  </system.web>
</configuration>

in your Web.config and not:

<allow users="*"/> or <allow users="?"/>

to ensure that you're not allowing anonymous access.

score 1 · Answer 2 · answered Sep 21 '10 at 10:57

1

check the webconfig as see if you have the code to prevent anonymous users loggin in and to redirect them....

answered Sep 21 '10 at 10:57

chugh97

9,602
25
89
136

asp.net wrong password just logs me in

2 Answers2