Vulnerability in EPiServer.Forms
I've configured my Commerce site to use Asp.NET Identity and it all seems to be OK: I can create contacts, organizations etc and view all other Commerce content OK.
However, if I create a contact and then choose 'Create account' for the contact the 'Create Account' dialog appears correctly but when I fill in the detilas and click 'OK',
I get the following error:
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.Configuration.Provider.ProviderException: Default Membership Provider must be specified.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
[ProviderException: Default Membership Provider must be specified.]
Mediachase.Commerce.Security.SecurityContext.ValidateMembershipUserPassword(String password) +17
Mediachase.Commerce.Manager.Apps.Customer.Modules.MembershipAccountEdit.UserPassword_ServerValidate(Object source, ServerValidateEventArgs args) +66
System.Web.UI.WebControls.CustomValidator.OnServerValidate(String value) +173
System.Web.UI.HtmlControls.HtmlButton.RaisePostBackEvent(String eventArgument) +111
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1890
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.8.4001.0
I've seen this error mentioned in the forums in connection with the login page, but not with this dialog - any ideas anyone?
Please share below details from web.config from both CMS and Commerce projects
Or just try following (if not doing already)
I also found this related thread, see if it helps
Hi Praful, I've already got the providers configured as you show above, and I've looked at the forum post you mentioned.
I actually raised the issue with developer support - they could reproduce the issue using the Quicksilver Commerce project, but closed the bug with the following comment:
Full support for AspNetIdentity in CM can be expensive. We can probably close this as won't fix
Our Commerce solution probably won't require this feature, so we'll disable the menu option via CSS, but it would be nce if it was working...
I get you, and I agree that it would be nice to be working as well. however consider the priority and resources, and the fact that you have found a workaround for the problem, we will move on from the issue. Everything has a opportunity cost, and by fixing that issue we will miss the chance to add new things or make things faster.
So I'm glad that you understand ...
Hi,Is this issue still listed as won't fix?
We are also using Asp.NET Identity and have the same exact issue as described. We are building a B2B site behind login and it could be nice if the administrators could create new users entirely inside Commerce Manager by creating a Contact and afterwards adding an Accont to the Contact.
As I see it the workaround evolves the following steps.
Are there better ways this could be achived, that makes it more straightforward for the Administrator?
As Rasmus wrote, you can manage the user and contacts separately.
But to make the account panel work with ASP.Net Identity, I recently made a fix to the contact screen. I wrote about it here.