I am using Visual Studio 2015 to install the umbraco through nuget. I have setup and running the demo site and logging into the backoffice screen. The next day I go and run the site again and try to log into the backoffice but i can't log into it. Assuming my password typed wrong. I went to 'forgot my password' page to reset my password but ican't receive any email from it.
I looked at the database but the password was hashed.
How do i get the password.
Forgot password e-mail won't be sent if you haven't configured SMTP settings in your web.config file. But the problem is probably caused by different things e.g.:
DateTime change between system and database - it may cause problems with synchronization.
System files permissions (e.g. I'm struggling with Windows problem now which is resetting my user permissions from time to time... thanks Microsoft... and I'm unable to authorize my users in the backoffice from time to time).
If it's anything from above list, you need to perform additional checks and steps to solve the problem. But starting from resetting the password, the easiest way to solve your problem may be to use this simple, little package: https://our.umbraco.org/projects/developer-tools/umbraco-admin-reset/ (DLL basically). When you'll place this DLL in the /bin directory, during the app startup, it will reset your base user (with ID = 0) to login: Admin and password: Admin1234!.
First make sure you are using the email address you entered during the install as the username, this has caught me out a few times before. Check in the database that the [userLogin] matches the username/email you are trying to login with. It's incredibly misleading (in my opinion) for newcomers to Umbraco that the [userName] column is really the users name and not the username.
If that doesn't help, check your browser console for errors - you may see a an error along the lines of 400 (Bad Request) in which case I would refer you to this long thread on the forums which has lots of options to try and resolve the error:
https://our.umbraco.org/forum/umbraco-7/using-umbraco-7/50407-Login-failed-for-user-in-Umbraco-7
The one that has worked for me in the past is by adding the following in my web.config:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
It's not advisable to leave this in your solution when it moves to production though as you will probably want tighter control over the allowed access control methods.
Related
So we just started a website (poweronfilms.com). We only have 2 accounts so far. Josh (the superuser) and me. I am marked as an administrator. For some reason, every time I try to log into the frontend, it just reloads the page. If I put in false credentials, It tells me I have the wrong username/password. But If they're correct, it doesn't do anything. I can still log into the backend just fine though, and it tells me I'm logged in to the site, but I can't access it. Our superuser can still log on.
The most probable reason that it gives error for wrong credential but for valid credential it's not allowing you to login is might be because you have set wrong cookie domain in configuration.php
public $cookie_domain = '';
Recheck that setting, if it points to correct one or try with blank.
There's a myriad of reasons of why you are redirected back to the login page without any error, it might be:
Unwritable tmp and/or logs folder
Non-empty cookie domain
Forced caching in the .htaccess file (see here )
Invalid session handler
The above list is not exhaustive.
I created a blank MVC 3 application on VS2010 SP1, and set the app to use IIS Express. When I debug, I get error 500.0 (0x80070585)
I am able to succesfuly run the app using the VS dev server
I have set the app directory to Full Permissions for Everyone, just to eliminate all possibility of security issues. I have further verified that IIS express is able to hit the web.config by confirming it using SysInternals ProcMon. ProcMon does not show the IISExpress process attempting to read from any other files in my application directory.
I have followed the suggestions in the following question, but it does not give me any better information. HTTP 500 Internal Error - IIS websites
No logs are generated in the IISExpress directory in either the Logs or TraceLogs directory, but a log is created in Temp, however it is not very useful.
Successfully registered URL "http://localhost:62017/" for site "MvcApplication1" application "/"
Registration completed for site "MvcApplication1"
Request ended: http://localhost:62017/ with HTTP status 500.0
Request ended: http://localhost:62017/ with HTTP status 500.0
Request ended: http://localhost:62017/ with HTTP status 500.0
There are no messages I am able to find in the Event Viewer
**Updates : **
Disabled firewall, no change
Ran IISExpress via command line, no change
I had the same issue last week, the app running perfect in dev web server from VS Studio. But in IISExpress anytime HTTP Error 500. My solution on this time was:
close VS Studio - solution set with IISExpress
got to: /Document/IISExpress/config/ in your profile
rename or delete applicationhost.config
open your solution in VS Studio
a Dialog will fire up from IISExpress - this will set a fresh config.
try to run your web app
You may have some mime code in the Web.Config file like this:
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
if so, you should remove mimeMap before adding like this:
.
..
...
....
</system.web>
<system.webServer>
<staticContent>
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
</staticContent>
</system.webServer>
....
...
..
.
This may be related to a conflict between the IIS Express applicationhost.config and your web.config.
A mimeType was added to my local web.config that was already present in the applicationhost.config and IIS Express started serving many 500 errors.
You may also notice this error in your Windows Event Log, "The directory specified for caching compressed content is invalid. Static compression is being disabled."
More info: http://blog.degree.no/2013/04/the-directory-specified-for-caching-compressed-content-is-invalid-static-compression-is-being-disabled/
I removed the mimeTypes from the web.config and the issue was resolved.
applicationhost.config location: C:\Users\[User]\Documents\IISExpress\config
reinstalling iis express appears to have resolved this problem
Are you using any PLINQ(.AsParallel) or Parallel.For or similar methods? I've found that the AggregateExceptions they throw aren't handled well by MVC (In my case, I got a blank 500 page and nothing in Logs/Event logs).
I identified the problem by paying attention to the "First Chance" exceptions which are logged in the Debug output window in VS. Try running the site, waiting for it to error, clearing the Debug window and the reloading the page. Do you see anything useful?
There might be a problem with your config files, specifically web.config and applicationhost.config.
The only way I know how to diagnose this, is to publish a build to regular IIS, and in IIS Manager check the "Error Pages" module of the Site. If it is indeed an issue with those config files, you'll get a popup here with something along the lines: "Cannot add duplicate entry of type …". Google accordingly.
If the "duplicate entry" is of type "error", you can try adding the following element below httpErrors:
<remove statusCode="404"/>
That is, assuming you have an Error element below the HttpErrors with statusCode 404. (I had once.)
In my case the issue was caused by using windows authentication + firefox + wrong domain login with insufficient permissions.
Details:
My dev machine is using windows domain "domA", the application will run in an environment accepting logins from domain "domA" and "domB". While on the webserver both will work, on my dev machine only my account in "domA" has sufficient permissions to access all files of the application. In IE "domA" is used by default while in FF I get a login dialog where I did login with my account from "domB".
Confusing issue I know, but maybe there is someone else having the same situation. At least it will help me the next time I run into it. :)
Just in case catches someone else out, I had similar error but the issue was I had updated my web.config and there was an extra ">" character where it should be.. so malformed web.config file can cause the same behaviour.
I have magento installed in a subdirectory. www.domain.com/subdir/magento
This site worked perfectly at one point. I changed nothing, until my client said he couldn't login to magento admin.
I logged in just fine from my computer, but on his computer it just redirected back to the magento admin login without an error message and a url that looked goofy like this:
http://domain.com/subdir/magento/index.php/admin/index/index/key/3097210b826ac4a86d7531cb4089c9d0/
I thought that his cookies were being blocked, but that was not the case.
My magento settings were secure/unsecure baseurl: http://domain.com/subdir/magento/
web cookie path: (blank)
web cookie domain: (blank)
After clearing out var/cache, I found that I myself could not login to the admin either, with the same exact issue.
I tried the following settings without luck:
path: /
domain: domain.com
path: /subdir/magento
domain: vigrond.com
I also tried commenting out those lines in Varien.php, but that had no effect either.
My server account is a VPS and it has plenty of free space.
So I'm pretty much lost, wondering why this happened in the first place when it worked before (didn't change anything), and why it's so complicated?
Any help appreciated
If a login error message ("invalid password", etc.) isn't being displayed it's almost always a session cookie problem. In order to rule it our entirely, use Use your browser's cookie viewer and/or your favorite HTTP traffic sniffer and check
That all the cookies have proper expiration dates after being set
That the session cookie has a consistent token name/value for each request
That PHP, when running through Magento, has the various session lifetime ini settings at a reasonable value
That PHP can write to whatever it's using as a cookie storage medium
That the server's time matches the real time, and that PHP itself has a timezone set
Find app/code/core/Mage/Core/Model/Session/Abstract/Varien.php. in your Magento install folder. Comment out the lines (see below) 80 to 83. The line number may vary.
// set session cookie params
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath()//,
//dependes which versin of mage you are using, you may comment these as well
//$this->getCookie()->getDomain(),
//$this->getCookie()->isSecure(),
//$this->getCookie()->getHttponly()
);
This is caching issue. Which recently Magento community confirmed that is sorted but it is not. :)
Just clear your cache and do this steps it should work anyway.
Comment this lines also
// if (!$cookieParams['httponly']) {
// unset($cookieParams['httponly']);
// if (!$cookieParams['secure']) {
// unset($cookieParams['secure']);
// if (!$cookieParams['domain']) {
// unset($cookieParams['domain']);
// }
// }
// }
//
// if (isset($cookieParams['domain'])) {
// $cookieParams['domain'] = $cookie->getDomain();
// }
Make sure you have cookies enabled in your browser, try a number of
different browsers including Safari or Opera. Chrome will give some
problems and you need to remember to clear you cache in Chrome after
making changes!
Make sure you file permissions are set to EVERYONE - FULL CONTROL for Windows and 777 for your Mac/Linux environment If all that still doesn’t work you can try this: (I do not recommend this solution for a production version of Magento, but for you local test enviroment this will work.)
Check the version of php you are using. If you are using recent Magento try to find which version of PHP and extensions requires.
More details
Did you erase the session storage in var directory?
In my case, when I was playing with autorization for multistore on subdomains (changed path and domain for cookie as you did), this method helped me to drop the "bad" cookie and sucessfuly logined in admin:
In apppath/var/session directory I've made command in shell (be careful with path, this could delete all the files in the directory)
rm -rf /path/to/magento/var/session/*
And then just clean the cookie for domain in browser.
I was fighting with this issue today on my local server. I couldn't login using any browser. I really didn't want to comment out any lines in core files or doing any other "dirty" solutions.
Firstly I checked cookie set by browser. It had expiration set to 1970, so clearly it was a cookie problem.
I checked values for cookies in magento database. In phpmyadmin I found table core_config_data, then fields with values : web/cookie/cookie_domain and web/cookie/cookie_path. They were both blank.
My solution was to set:
web/cookie/cookie_domain to my domain name
and
web/cookie/cookie_path to /.
Example:
your domain where you run magento is magento.local
set:
web/cookie/cookie_domain = magento.local
and
web/cookie/cookie_path = /
I never resolved the issue. But I wiped the clients computer and reinstalled windows 7, and it worked. It was very strange that it didnt work before as he was not behind a proxy, did not have ad ons or viruses. And the issue reproduced in each of his browsers (chrome firefox and IE). It was not a router issue. It was a windows issue, but I couldn't tell you what exactly was causing it. It was not the internet security settings either, as I checked those. Also checked the host file. As I said before, very baffling
I had the same problem, but I was working on XAMPP on windows 7 x64.
In Magento system - configuration - web - session cookie management change Use HTTP Only to no and Cookie Lifetime to 86400.
I only changed the Cookie Lifetime just in case of daylight saving time may not have to be changed.
Before the changes I could only login using Firefox and after the changes all browsers work.
Leave Cookie Path and Cookie Domain blank.
Check the cookie configs in core_config_data table and check if your session is being saved on db. In my case, someone just changed the cookie domain and the cookie path with a wrong value.
You can also check this on the node in your app/etc/local.xml.
If it's on db, maybe you should change do files to be able to clean the session data directly on var/session dir.
Delete cookies (related to your domain) from your browser setting.
I was facing the same issue and at the end i found that it was due to full disk space and due to this Magento was not able to create sessions file in the var var/session folder. After cleaning up log files that issue was resolved.
Also, you can update the password in the database if everything else from above didn't work and you need desperate access:
UPDATE admin_user SET password=CONCAT(MD5('qXpassword'), ':qX') WHERE username=‘user’;
replace user and password words according to your needs.
If nothing works, make sure the disk quota is not exceeded. The new session cookies created under ./var/session will be zero bytes length if disk quota for the user is exceeded.
In Case, that you dont see any cookie named "frontend" or "adminhtml", when you reload the page, the Magento cookie wasn't set. In my case I have a wrong cookie_domain.
I used "null" instead of "NULL".
As I set my cookie_domain to NULL in core_config_data, the problem was solved
I have migrated a website to cloud, which works perfectly on my local machine using the Compute and Storage Emulators.
However, when I put it onto Windows Azure Cloud, the session and cookies are not working fine. Part of web.config file is given below.
<sessionState timeout="30"
mode="SQLServer"
sqlConnectionString="Server=sxxxxxxxxx.database.windows.net;User ID=xxxxx#sxxxxxxxxx;Password=MY_PASSWORD"
cookieless="false"
allowCustomSqlDatabase="true" >
</sessionState>
Can anyone please guide be in correcting the same ? All the other things in the website are pretty much working fine.
Below is some additional information:
To summarize, I have done the following.
Migrated a website to Windows Azure successfully
Created the required connection strings for the database access successfully.
Tested the website on the local machine using Compute Emulator and Storage Emulator.
When I published the website and uploaded the packageFile and configurationFile, everything was working fine in general. BUT
for the pages which used session/cookies. All static pages worked well. All database access were proper.
Then, I wrote some code for setting right the session.
GOT ERRORS AND ENTIRE WEBSITE STOPPED WORKING
Created the database and tables that were required (ASPSTATE database and its corresponding tables). Everything went well.
http://blogs.msdn.com/b/sqlazure/archive/2010/08/04/10046103.aspx
Tested the website ... Still getting the error on local and on cloud...as mentioned previously in this post.
Can you please guide me to rectify this.
.Hey guys,
Thanks for the replies. I modified the session state in web.config a little and its as below
<sessionState cookieless="false" mode="SQLServer"
sqlConnectionString="data source=serverName.database.windows.net;user id=UserID#serverName;password=password;Trusted_Connection=False;Encrypt=True;"
timeout="20"
allowCustomSqlDatabase="true">
</sessionState>
Now its working fine.
Regards
Sandeep
I assume that the SQL Server Session State Provider isn't throwing an exception, just not keeping state?
You'll be aware that a cookie is used to hold the session ID, so it may stem from a general cookie problem.
Are you doing anything unusual with domain names? I'm just wondering if there's a domain mismatch between the cookies and the URL through which you're accessing the site, meaning that the cookies don't get presented on subsequent requests.
Of course, it's also possible that a security limitation is preventing your browser accepting the cookies, but you'd likely have noticed that as an issue before now!
Recently the search crawler stopped working on my MOSS installation. The message in the crawl log is
Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content. (The item was deleted because it was either not found or the crawler was denied access to it.)
The default content account is an admin on the site collection that I am trying to crawl.
Almost every result for this error on Google tells me to add the DisableLoobackCheck registry key with a value of 1. I have done this and rebooted and the error continues.
The "Do not allow Basic Authentication" checkbox in my crawl rule screen is unchecked.
Is there anything else that could be causing this error? Something with file system or database permissions maybe?
Edit: All signs seem to indicate that the "DisableLoopbackCheck" should fix this, but it doesn't seem to work. Could I be doing something wrong when I enable this?
I'm doing it in My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, where I create a new DWORD key called DisableLoopbackCheck and give it the hex value 1.
It turned out not to be related to DisableLoopbackCheck. The problem was that the search was accessing the site through its external URL. You are supposedly not supposed to be able to access a site from within a server using the same URL that you use to reach it from the outside, at least in pre-SP1 MOSS. But I was doing this for about two years somehow. MS Support tells me they don't quite understand how it was ever working. So it looks like I ran into an issue that should have been manifesting all along. I'm not sure what caused it to appear suddenly, maybe some routine patching of the server. The solution was to extend the web application so it was accessible internally through the machine name, then point the crawler at that.