Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Only Administrators can log in

    Scheduled Pinned Locked Moved Support
    proget
    16 Posts 1 Posters 34 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      If you run the ProGet.Service.exe, then you'll be able to reset the password with one of the options.

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        Hi,

        sorry, I think I have not made clear the problem. It's not a problem of forgotten passwords or the like. The server is up and running for long time. I have

        1. Users who are member of the administrators group. These users can log in and everything is good.
        2. User that are member of any other group (= users who are not member of the administrators group). These users cannot log in since this morning.

        There were no changes on the system. Nothing! When I try to log in such a user with a - by itention - wrong password, i get the message "Your login attempt was not successful...". That is expected and ok.
        When I use the correct password, the screen reloads, I'm still (or better - again) on the login page and i can enter my credentials again. That is the problem. Until yesterday, a login was possible, since this morning not. It's pretty unlikely that 20 user forget their passords over night. There must be a technical problem and since I cannot see an error message when I log in as administrator (administration page says "There are no recent errors."), I ask you what I can do to figure out the problem.

        Best regards,
        Joachim Roppert

        1 Reply Last reply Reply Quote 0
        • ? This user is from outside of this forum
          Guest
          last edited by

          Did a bit more investigation so I get add an additional info:

          Seems users with LegacyPassword_Indicator set to "Y" in the ProGet DB Users table can login, the Users with LegacyPassword_Indicator = "N" cannot. What is a legacy password? What can be the problem?

          1 Reply Last reply Reply Quote 0
          • ? This user is from outside of this forum
            Guest
            last edited by

            I had exactly the same issue, but after assigning privileges to a user group I was able to login.

            So the things I did to get it working:

            • create a group, i.e. "developers"
            • create a user belonging to the group developers
            • assign "developer" privileges to the group developers

            Of course, the next time I would assign privileges before creating users ;)

            Best,
            Yvette

            1 Reply Last reply Reply Quote 0
            • ? This user is from outside of this forum
              Guest
              last edited by

              Hi Yvette,

              thanks foy your feedback. I've tried exactly the procedure you've described but unfortunately, the problem remains the same.

              So we're still a bit lost and think about replacing ProGet with a file share since it's currently just unusable :-(

              1 Reply Last reply Reply Quote 0
              • ? This user is from outside of this forum
                Guest
                last edited by

                Seems users with LegacyPassword_Indicator set to "Y" in the ProGet DB Users table can login, the Users with LegacyPassword_Indicator = "N" cannot. What is a legacy password? What can be the problem?

                We changed the way hashing was performed in 3.5, so a Legacy Password is one that's hashed in a pre-3.5 manner. When a user logs-in with a Legacy Password, the existing password is re-hashed, saved, and the LegacyPassword_Indicator is set to N.

                It's possible there's a bug with this behavior, but this would have impacted a lot of other users too, and this is the first report.

                I suspect it's related to privileges, so I would diagnose by giving everyone admin, or a specific user all privileges, then working down from there. You can also try to create a new user, and then see if that user can log-in with admin privileges.

                1 Reply Last reply Reply Quote 0
                • ? This user is from outside of this forum
                  Guest
                  last edited by

                  May it be a problem that I've jumped over some releases and updated from 3.4.7 to 3.8.6 directly. I did that end of last week so it could be possible that the update is related to the issue.

                  1 Reply Last reply Reply Quote 0
                  • ? This user is from outside of this forum
                    Guest
                    last edited by

                    Maybe there is a problem in BuildInDirectory.TryGetAndValidateUser? What happens to users with a non-legacy password (= with an Indicator "N") there?

                    1 Reply Last reply Reply Quote 0
                    • ? This user is from outside of this forum
                      Guest
                      last edited by

                      I'm not sure, that method hasn't changed since 3.5; unfortunately we can't test/validate this quickly or easily, but here is the code if anything comes to mind:

                          public override IUserDirectoryUser TryGetAndValidateUser(string userName, string password)
                          {
                              if (string.IsNullOrEmpty(userName))
                                  throw new ArgumentNullException("userName");
                      
                              try
                              {
                                  var userInfo = StoredProcs.Users_GetUser(userName).Execute();
                                  var user = userInfo.Users.FirstOrDefault();
                                  if (user == null)
                                      return null;
                      
                                  if ((YNIndicator)user.LegacyPassword_Indicator)
                                  {
                                      if (StoredProcs.Users_ValidateLogin(userName, password, null).Execute() == YNIndicator.No)
                                          return null;
                      
                                      SetPassword(userName, password);
                                  }
                                  else
                                  {
                                      using (var rfc2898 = new Rfc2898DeriveBytes(password, user.Salt_Bytes, 10000))
                                      {
                                          var bytes = rfc2898.GetBytes(20);
                                          if (!StructuralComparisons.StructuralEqualityComparer.Equals(bytes, user.Password_Bytes))
                                              return null;
                                      }
                                  }
                      
                                  return new BuiltInUser(user, userInfo.UserGroups);
                              }
                              catch (Exception ex)
                              {
                                  Log("TryGetAndValidateUser: " + ex.ToString());
                                  return null;
                              }
                          }
                      

                      This is the set method...

                          public static void SetPassword(string userName, string password)
                          {
                              using (var rfc2898 = new Rfc2898DeriveBytes(password, 10, 10000))
                              {
                                  var bytes = rfc2898.GetBytes(20);
                                  StoredProcs.Users_SetPassword(userName, bytes, rfc2898.Salt).Execute();
                              }
                          }
                      
                      1 Reply Last reply Reply Quote 0
                      • ? This user is from outside of this forum
                        Guest
                        last edited by

                        First thing to mention is that this is different from what was delivered with 3.8.6. Not sure if that makes a difference but it is.

                        My guesses:

                        1. if ((YNIndicator)user.LegacyPassword_Indicator) checks if the LegacyIndicator exists at all (so checks if it's a 3.5 or later version). In my installed 3.8.6, this part is if (user.LegacyPassword_Indicator != null).

                        2. if user has a legacy password, password is upgraded (SetPassword...)

                        3. If user has no legacy password (Indicator "N"), null is returned:

                        if (StoredProcs.Users_ValidateLogin(userName, password, null).Execute() == YNIndicator.No)
                        return null;

                        As I see, null is also returned if user is null (if (user == null) return null;) or the password is wrong (if (!StructuralComparisons.StructuralEqualityComparer.Equals(bytes, user.Password_Bytes)) return null;). So returning null seems to mean "No valid login". And it seems that users with an Indicator "N" (these users have the problem in my installation) always get a return null in versions 3.5 and later?! So that may be the problem. What do you think?

                        1 Reply Last reply Reply Quote 0
                        • ? This user is from outside of this forum
                          Guest
                          last edited by

                          That logic seems correct... we can repro this issue only if the users are not granted the "General_ViewHomePage" task.

                          Once a user has a failed login, can they browse directly to a particular feed if it's typed into the URL, e.g. http://{proget-server}/feeds/{feed-name} ?

                          1 Reply Last reply Reply Quote 0
                          • ? This user is from outside of this forum
                            Guest
                            last edited by

                            Yes, navigating to the feed directly works after the failed login.

                            1 Reply Last reply Reply Quote 0
                            • ? This user is from outside of this forum
                              Guest
                              last edited by

                              The users who cannot log in are mapped to the roles "Package Consumer and Adder" and "Package Consumer".

                              From the ProGet DB:

                              Roles Table:

                              Role_Id Role_Name


                              ...

                              9 Package Consumer and Adder

                              8 Package Consumer

                              Tasks Table:

                              Task_Id Task_Name Feed_Scopeable_Indicator


                              ...

                              28 General_ViewHomePage N

                              RoleTask Table

                              Role_Id Task_Id


                              ...

                              8 1

                              8 2

                              8 5

                              8 28

                              9 1

                              9 2

                              9 4

                              9 5

                              9 28

                              1 Reply Last reply Reply Quote 0
                              • ? This user is from outside of this forum
                                Guest
                                last edited by

                                Are those privileges assigned to a feed? If so, the General_ViewHomePage task will be ignored.

                                Make sure to grant General_ViewHomePage at the SYSTEM level and not scoped to a particular feed, that should resolve the issue.

                                1 Reply Last reply Reply Quote 0
                                • ? This user is from outside of this forum
                                  Guest
                                  last edited by

                                  Yes, the privileges are scoped to a certain feed. You're right, As soon as i scope to "All Feeds", login works. That's great!

                                  I'm still abit confued about how to limit some people to only one feed. They should be able to Add, View, Download packages of one feed only (including uploading packages using the web ui). Other feeds should not be visible to them. How to achieve that without scoping my privilege to a certain feed.

                                  What I didis to create a new Role "HomePageViewer" Role with only the General_ViewHomePage Task. Then, I've created two assignments for my ProductDevelopers group:

                                  1. Principal:ProductDevelopers, Role:Package Consumer and Adder, Scope: MyFeed
                                  2. Principal:ProductDevelopers, Role:HomePageViewer, Scope: (System)

                                  Would that be a recommended way or did I think too complicated?

                                  1 Reply Last reply Reply Quote 0

                                  Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                                  Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                                  With your input, this post could be even better 💗

                                  Register Login
                                  • 1 / 1
                                  • First post
                                    Last post
                                  Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation