« Previous Next »

• 02-08-2009, 5:46 PM

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact I am always getting an erro 530 - User Cannot Login: Win32 Error: bad username or password when I try to authenticate from the local host or any host on the local or external nets. I did uninstall the default FTP service, installed the out-of-band FTP7, and also installed the rollup/kb fix for Asp.Net Roles.  FTP6 is also not installed. Running W2K8 x64.  I am adding an FTP7 site to an existing web site that already has asp.net membership working fine against a SQL server (separate machine).  Those permissions to allow asp.net membership work great.  Existing web site was using Classic App Pool to support telerik's Rad Upload control but I also tried changing the app pool type to Integrated. After every change I am sure to always restart the IIS7 website and FTP7 site.  I have also tried the draconian reboot a couple times after changes just to be sure. I followed the article step-by-step here: http://learn.iis.net/page.aspx/389/configuring-ftp-with-net-membership-authentication/ I added the magical GlobalFtpSite/ftpsvc section to the proper root web.config For authorization, I only have AspNetAuth enabled (both Basic and Anon disabled but I have also tried enabling them).  For authentication, I have tried every combo.  Anonymous lets me in as expected but whether I restrict to All Users, or specify a user or specify a role for a user, I always get Error 530 with a further Win32 error of bad username or password (further details only show up on localhost attempts). I have SSL off but have tried it both ways. Since the FTP7 site is configured as part of the working asp.net membership site and using the same custom providors, I cannot see why the website auth would work and FTP7 would not. Is it possible that the magical GlobalFtpSite/ftpsvc section causes IIS to require some other rights to get to the SQL machine other than Network Service? Are there any walkthroughs that show how to add FTP7 and asp.net membership auth to an existing web site that already has auth working?  (the tutorial link is based on localhost, local sql, and recreating the aspnetdb tables along with setting up new custom providers, which I did try BTW but that made no difference either.) Any help would be appreciated.  FTP clients include MSFTs, CuteFTP, SmartFTP, etc.  All the same issue.  Thanks In Advance.

  Tags: FTP FTP7 ASP.NET MEMBERSHIP PROVIDER

• 02-08-2009, 7:21 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10	Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact Just to add one other point:  I tried all this with the firewall down.  Cheers and Thanks.

• 02-11-2009, 1:32 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10	Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact bump

• 02-11-2009, 1:33 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10	Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact bump
  	Tags: ftp7

• 02-12-2009, 2:29 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact Good news.  I found on some other forums the idea of running "logman.exe -ets" before attempting the authentication from localhost and I got back a much more verbose error of:  "you must specify a non-autogenerated machine key to store passwords in the encrypted format" So this is good news and a much more helpful error than "bad username or password".  But, my membership is configured for Encryption of AES for passwords and the machinekey IS PRESENT in the web.config file and works fine for pw retrieval and changes etc for the web app.  I am guessing that the problem then is that FTP7 which is running on the same website does not load the website's web.config file and therefore cant find my machinekey entry. So, I know someone can answer this next part: Where does FTP7 look for the machinekey?  In the magic root web.config?  If so, inside what tag should I place it? Thanks -r

  Tags: Error 530ftp7machinekey

• 02-12-2009, 3:10 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact In continuation of my monologue: I tried placing the machine key entry inside the <system.web></system.web> of the root web.config file located in "%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config" and rebooting. Still no luck.  The machine key looks like this: <machineKey decryptionKey="******,IsolateApps" validation="AES"  validationKey="*******,IsolateApps" /> Is there an issue with IsolateApps or the way it is written? Also, can someone please tell me what the latest version of logman.exe is?  I am running ver 6.0.6001.18000 which i think came with W2K8x64 but the article here infers that a newer version which supports switches such as logman start "ftp" -p "IIS: Ftp Server" 255 5 –ets (see article at http://blogs.iis.net/sudt/archive/2008/08/28/collecting-etw-traces-for-ftp-sessions.aspx).  -p appears to be an invalid switch for ver 6.0.6001.18000

  Tags: Error 530ftp7logman.exe

• 02-12-2009, 4:58 PM

  In reply to

  JaroDunajsky Joined on 04-19-2005, 10:23 PM Redmond Posts 168

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact You have the right logman, but the dash is wrong in you command line. This is one of my "favorite" features of Office tools to replace good dash  character with the good looking dash character which looks almost identical and it makes it almost impossible for victim to tell why their command line is wrong. I would try to run logman again in manually replace all the dashes you encounter Regarding the "Asp.Net membership" and FTP. You have to realize that publishing feature for a site has different requirements than site/application itself. Since FTP allows to publish web.config files, it cannot depend on them itself. So FTP cannot directly use membership provider specified for application (Catch 22). Another limitation is that FTP only supports single appdomain.   Jaroslav Dunajsky (MSFT, IIS)

• 02-12-2009, 7:16 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact Thanks for the hypen tip.  I retyped it instead of copying it from the web page tutorial and the logman.exe works like a champ now. FTP7 is returning the ErrorCode=0x8007052E As far as I know there is only one AppDomaon since I just have one site running and looking at Application Pools I can see that of the various app pools started, only 1 has any applications listed and that is just 1 application for the entire server, and the FTP 7 Publishing is enabled for just that one site.  How can I tell for sure that its all set to a single AppDomain ? Also, i follow your catch 22 listed above, so it sounds like I need to copy that same <MachineKey> entry to the root web.config or another location for FTP7 to find it.  But where?  I have tried the root without success. Has anybody been able to get FTP7 to authenticate an aspnetdb membership where there is a set MachineKey in use for encryption?  Or is this path I am going down totally irrelevant to my problem? The FTP site currently has user isolation turned off so everything should map exactly as the web site does.

• 02-12-2009, 7:19 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10	Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact I also have seen some posts suggesting this: Username: appdomain|myusername Password: pw But those posts are talking about when you have multiple appdomains.  If I either have just one or get down to just one, do I still need that format?

• 02-13-2009, 5:44 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact My investigation continues: I tried on a clean install of W2K8x64 w/FTP7 and the kb fix installed.  Stepped through Rob McMurray's tutorial line-by-line and still the same error.  I only made the db connection string modifications to connect to the SQL Server machine. I have noticed that in the magic xml for the root web.config that he forces FtpSqlMembershipProvider with  passwordFormat="Clear". This must be the problem, since my own asp.net membership has passwordFormat="Encrypted".  I tried changing it in this root config to Encrypted and placing the machine key there but it still doesnt work. Maybe Rob McMurray or someone from the FTP7 team can tell us if encrypted passwords will work at all or if only  passwordFormat="Clear" works as in his tutorial...?  Or if encrypted, where the MachineKey should reside in the root web.config? Is the only way to do this to unencrypt my entire (and large) membership database password fields, repopulate them and reset to passwordFormat="Clear" ? I'd hate to have everybody's passwords sitting in the clear like that and it's a bit of work to go through just to even test this theory.  Any advice?       <location path="GlobalFtpSite/ftpsvc"> <connectionStrings> <add connectionString="Server=localhost;Database=aspnetdb;Integrated Security=true" name="FtpLocalSQLServer" /> </connectionStrings> <system.web> <membership defaultProvider="FtpSqlMembershipProvider"> <providers> <add name="FtpSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FtpLocalSQLServer" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" /> </providers> </membership> <roleManager defaultProvider="FtpSqlRoleProvider" enabled="true"> <providers> <add name="FtpSqlRoleProvider" type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.0.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="FtpLocalSQLServer" applicationName="/" /> </providers> </roleManager> </system.web> </location>

  Tags: ftp7

• 02-13-2009, 6:55 PM

  In reply to

  bokabunara Joined on 02-08-2009, 5:33 PM Posts 10

  Re: Always getting Error 530 on FTP7 and ASP.NET Membership Reply Contact Well, okay, I am wrapping up my monologue: I manually altered a test user in the aspnet_Membership and aspnet_User tables.  I changed the PasswordFormat from 2 to 0, removed the salt, and manually entered a clear text password. Guess what, it works now and I can log in as that user.  So the problem is most definitely that FTP7 does not seem to be capable of handling ASP.Net Membership with Encrypted Passwords in the membership database. Someone please prove me wrong since this makes the ASP.Net Membership all but useless in real-world scenarios for FTP7. Is there a work around or a fix we can expect in FTP 7.5 ?

  Tags: ftp7ASP.Net MembershipFTP7.5Encrypted Password