We have 2 mojo sites we use at work, and the old IT guy was let go a few months back, so now it's just me.. We locked down the login pages for our mojo sites, and since then have migrated all servers, etc to a new domain..

At first, we placed windows authentication on the secure/login.aspx page so that only valid domain accounts could even get to the login page. This no longer allowed anyone to log back on even after going through the windows authentication. I was fine with this for the time being, but now we need to update content, etc.. I removed the windows authentication from the login.aspx file security settings. I am using Windows Server 2003 and IIS. The DB is a SQL 2005 DB. Do i need to do anything regarding the databases and accounts

Now, I can see the passwords in clear text in the user table, and can confirm the usernames, and also that the account is not locked.. When I try to log in, I cannot. I just get login failed on the login page. if I screw up on purpose the account will lock out and that error message is displayed. I can manually change the value for IsLocked back to false, and try again, but get nowhere.

When I looked into the web.config file for the sql connection string, it was the original entry listed there. In user.config, I see:

<add key="MSSQLConnectionString" value="Data Source=(local);Initial Catalog=web;Integrated Security=True"/>

I assume this overrides the web.config entry which is default.

For the site itself we are using standard accounts, not email addresses. I am not using the AD integrated authentication abilities of mojo. The site will display properly and can be viewed. it cannot be loged into. My currentlog.config is not logging anything or being recreated after I renamed the existing one.

I am still new to mojo, and would love to continue using it. Any help would be greatly appreciated!!

I checked and the password format is set to 0 in the mp_sites table.

The site is a public facing site on the internet.

By "placed windows authentication.." I meant in IIS we went to the directory security tab as you have mentioned, and selected to add basic authentication i believe. This would cause the user to get prompted for windows authentication when they clicked the sign in link on the site.

From IIS, I selected the entire site and changed the directory security (within IIS) to allow anonymous access and to use integrated windows authentication. I have no other boxes checked. Digest was selected, but I removed that setting, and I also chose the option to overrride the subdirectories when prompted.

As for file permissions (NTFS), I believe I have them set correctly based off what I saw in the installation instructions on this site. I added the aspnet, IIS_WPG, and network service account as read acces in the ntfs permissions for the site directory. I have given write access to the data folder for these accounts as well. I have also forced the permissions to apply to child objects, etc..

I can enter the username and password I have.. and just still get login failed. Then the account locks out. I know I am entering the password correctly. I have reentered it manually into the database once to set it, and other times i copy it from the DB itself. Also, The same thing happens with another account I have been trying with. That one I have not touched within the database, other than changing the islocked value to false.

Is there some kind of database user or something I may be missing here? The site and database were created on an old domain which no longer exists, so some of the sql db users may be invalid? Also the currentlog.config file recreated itself and there are no errors in it. Teh contents are below:

2008-12-09 16:35:40,255 [14844] INFO mojoPortal.Web.Global [(null)] - Global.asax.cs Application_End
2008-12-09 18:20:41,581 [12732] INFO mojoPortal.Web.Global [(null)] - Application Started.
2008-12-09 18:41:04,316 [14356] INFO mojoPortal.Web.Global [(null)] - Global.asax.cs Application_End
2008-12-10 12:33:13,123 [12352] INFO mojoPortal.Web.Global [(null)] - Application Started.
2008-12-10 12:40:41,723 [12352] INFO mojoPortal.Web.Global [(null)] - Global.asax.cs Application_End
2008-12-10 12:42:36,429 [12352] INFO mojoPortal.Web.Global [(null)] - Application Started.
 

I appreciate your help SO much!

Thanks.

Yes, the result was the same after removing the basic authentication.

Getting closer tho!!! I was just able to login, but only using the email login admin@admin.com. If I enter a regular username, it gives the error message that I have not entered a valid email address. But the admin@admin.com got me in and I can edit content on this site now. I just changed the setting to allow password changes and to not use email for login, so i am now working over here!!

UseLdapAuth was set to true, which I changed to false. There is info for the rest of the fields like server, etc.., but when I tried to change them from within the mojo site setup, I was redirected to an html error page when trying to save changes. Should I just remove these entries manually from the DB? I recieved the same error when trying to update my account info.

The error page read:

"We're sorry but a server error has occurred while trying to process your request.
The error has been logged and will be reviewed by our staff as soon as possible. It is possible that the error was just a momentary hiccup and you may wish to use the back button and try again or go back to the home page."

In web.config, the forms authentication info is there.. There, but in the code there, my line matches your except after path="/" I do not have the cookieless="UseCookies" portion. Should i add it?

The section: <anonymousIdentification enabled=.. is identical to what I have in my web.config.

I do not see the MP_Hosts table in the DB at all.

My mojo version is 2.2.4.6.

Thank you so much for your help!!

Awesome!

Thank you so much again for your help!!