0

We have an application programmed with ASP.NET and C#. The application has users which can change their passwords. And there is our problem:

When a user changes the password, the new password gets sent to the server and we save the new password in the code using EntityFramework:

var entry = this.dataContext.Entry(entity);
entry.State = EntityState.Modified;
this.dataContext.SaveChanges();

Anyway, when the user now tries to log in with the new password, he fails. Instead, he still can log in with the old password.

We know that the DatabaseContext still has the old data in it, but we don't know why, and how we can enforce it to load the new data after we saved the edited data. On the database, the new password gets saved.

LazyLoadingEnabled is set to false, if that helps.

Can anyone help us?

VAL
  • 3
  • 2
  • What code do you use to retrieve it? Have you ensured that the password physically changes in the DB? – TestWell Jul 08 '15 at 14:36
  • Yes, I'm sure the password gets changed. The new password is in the database as soon as I call SaveChanges(); – VAL Jul 08 '15 at 14:39
  • Are you using a static db context? Lookups to the DB check the object graph first before heading to the db. It's possible you have an old graph that you are checking against. – James Sampica Jul 08 '15 at 14:41
  • The problem may lie in the code you use to retrieve the password during login. Can you show us how you return passwords? – TestWell Jul 08 '15 at 14:42
  • This answer may help: http://stackoverflow.com/a/30170364/2069745 – Pynt Jul 08 '15 at 14:50
  • I get the user through the user name from the database: this.Context.Users.SingleOrDefaultAsync(entity => entity.Username == userName) In this object is the password stored. Then I compare the inserted password with the stored password. – VAL Jul 08 '15 at 14:54

1 Answers1

0

So, we solved the problem.

Basically the problem was that on application start, we opened a DbContext (1) and everytime someone logs in, the application took the user data from the same DbContext (1). When the user changes his password, the application opens another DbContext (2) and changes it. As soon as you want to log in again, the application took the data from the old DbContext (1). Since the DbContext gets never recreated in the whole runtime of the web application, the user data also gets never updated in the context.

I hope this answer helps if anybody hits the same problem.

VAL
  • 3
  • 2