SharePoint 2010 Form based authentication problem Event ID:1315 and Event ID:8306

Assume that you have a SharePoint 2010 site with configured as Claim Based Authentiction with custom SQL Membership . You have move your site and membership database to another server and you have facing with connection problems on existing SQL MemberShip users by getting this fallowing errors

In ULS Logs:

11.13.2012 15:40:18.20 w3wp.exe (0x18C8) 0x17C8 SharePoint Foundation Claims Authentication 0000 Unexpected Password check on ‘user@mail.com’ generated exception: ‘System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).’.

11.13.2012 15:40:18.20 w3wp.exe (0x18C8) 0x17C8 SharePoint Foundation Claims Authentication fo1t Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).

and In Event logs
Presence of Event ID 8306 in the Application Event Log
11/08/2012 03:29:11 PM Error SERVERA 8306 Microsoft-SharePoint Products-SharePoint Foundation Claims Authentication DOMAIN\User An exception occurred when trying to issue security token: The security token username and password could not be validated..

Presence of Event ID 1315 in the Application Event Log with Event code: 4006
Event message: Membership credential verification failed.

The problem is here if you try to login site with one of existing FBA user even password is correct , cound not able to validate password . If you create a new FBA user , there is no problem on login.
The main cause of this issue could be changes of the Machine Key.

Why ?

The Password information is stored in the aspnet_Membership table in Asp.Net Membership database . The   SqlMembershipProvider allows for passwords to be stored in the database    using one of the following three techniques:

  • Clear – the password is stored in the database as plain-text. I strongly        discourage using this option. If the database is compromised – be it by a hacker        who finds a back door or a disgruntled employee who has database access – every        single user’s credentials are there for the taking.
  • Hashed – passwords are hashed using a one-way hash algorithm and a randomly        generated salt value. This hashed value (along with the salt) is stored in the database.
  • Encrypted – an encrypted version of the password is stored in the database

The password storage technique used depends on the SqlMembershipProvider    settings specified in Web.configThe default behavior is to    store the hash of the password.
the particular encryption or hashing algorithm used by the SqlMembershipProvider is determined by the settings in the <machineKey> element.

for more information:
http://www.asp.net/web-forms/tutorials/security/membership/creating-the-membership-schema-in-sql-server-vb
http://www.asp.net/web-forms/tutorials/security/introduction/forms-authentication-configuration-and-advanced-topics-vb

So if you have move your site to another server you may consider that the MachineKey if anyhow is changed , the existing users’ passwords can not be validated.

1) First Check for the MachineKey values in web.config for related your FBA SharePoint site. If you have any difference on target site make them equalize.
2) Also don’t forget to check other servers in your farm for the same site should be same MachineKey. If any difference in MachineKeys may cause integrity problems.

Somehow If the data integrity has broken , recreating users or forcing the users reset their password will help about the issue.

 

Advertisements