mvc confirm password always fails -

I'm using VS2017 Community. Also forgot to mention, This happens in IE11 and not in Chrome.
I generate the default template for an MVC application with Individual user accounts. I hit F5, goto Register, fill in the fields but every time, no matter what, the form does not post and I get the error from the model validations (The password and confirmation password do not match.). As a refresher:
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[Display(Name = "Password")]
public string Password { get; set; }
[Display(Name = "Confirm password")]
[Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
I have tried several emails and passwords. I confirmed that I followed the rules in IdentityConfig.cs for the password.
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
RequiredLength = 6,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
I'm following a Pluralsight course and they do exactly what I'm doing without errors, except he seems to be using an older version of Visual Studio.
I've searched for this problem six ways to sunday and everything that comes refers to older implementations of MVC where the Compare attribute wasnt fully implemented yet or was implemented differently.
Can anyone else confirm/deny this works out of the box for them?
And heres the post action, again all default, all template code.
public async Task<ActionResult> Register(RegisterViewModel model)
if (ModelState.IsValid)
var user = new ApplicationUser { UserName = model.Email, Email = model.Email };
var result = await UserManager.CreateAsync(user, model.Password);
if (result.Succeeded)
await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
// For more information on how to enable account confirmation and password reset please visit
// Send an email with this link
// string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
// var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
// await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking here");
return RedirectToAction("Index", "Home");
// If we got this far, something failed, redisplay form
return View(model);
Just for grins, heres the default view it generates.
#model PSMVCAuth.Models.RegisterViewModel
ViewBag.Title = "Register";
#using (Html.BeginForm("Register", "Account", FormMethod.Post, new { #class
= "form-horizontal", role = "form" }))
<h4>Create a new account.</h4>
<hr />
#Html.ValidationSummary("", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(m => m.Email, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.Email, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.Password, new { #class = "col-md-2 control-label"
<div class="col-md-10">
#Html.PasswordFor(m => m.Password, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.ConfirmPassword, new { #class = "col-md-2 control-
label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.ConfirmPassword, new { #class = "form-
control" })
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" class="btn btn-default" value="Register" />
#section Scripts {


How to hide alert box when validation is on server side with Data Annotation on page load

I created a simple login page on mvc where the user must be notified when not entering password or username, using data annotation as following.
[Required(ErrorMessage = "password needed")]
public string password { get; set; }
[Required(ErrorMessage = "user name needed")]
public string username{ get; set; }
In the controller I'm testing with hard coded values as follwoing:
public ActionResult Login2(Login login)
string username = login.username;
string password = login.password;
if (ModelState.IsValid)
if (username == "100000" && password == "password")
return RedirectToAction("Index", "Home");
return View();
return View();
In the viwe, I verify with validation message as below:
<label class="form-label" for="contactPhone">
#Html.EditorFor(model => model.CVR, new {
htmlAttributes = new { #class = "form-input", PlaceHolder =
"username", maxlength = "10", Type="HtmlInputFile",
id="username" , value=""} })
#Html.ValidationMessageFor(model =>
model.username, "", new { #class = "alert alert-error" })
<label class="form-label" for="contactPhone">
#Html.EditorFor(model => model.password,
"Password", new { htmlAttributes = new { #class = "form-
input", PlaceHolder = "password" } })
#Html.ValidationMessageFor(model =>
model.password, "", new { #class = "alert alert-error" })
<button class="button button-primary button-active"
id="danger" type="submit">Login</button>
The problem is that the alert box is displayed on the page load (empty).
Once the submit button without filling the fields the error message is displayed. My questions are as follwoing:
1- how to hide the red alert box when loading the login page?
2- how to add more restrections for validating the username and password. for example:
how to validate the correct password? and display the error message in the alert box?
how to validate the correct username?and display the error in the alert box?
The standard way of doing this in MVC is to add all your validations to your model:
public class LoginViewModel
[Required(ErrorMessage = "password needed")]
public string Email { get; set; }
[Required(ErrorMessage = "user name needed")]
public string Password { get; set; }
Then in your Controller, you would check if the model is valid:
public ActionResult Login2(LoginViewModel model, string returnUrl)
if (!ModelState.IsValid)
return View(model); // <-- return invalid model to the same view (Login2) so user can fix it
// code for valid model...
And display the error message in the view like:
#using (Html.BeginForm("Login2", "Account", FormMethod.Post, new { role = "form" }))
#Html.ValidationSummary(true, "", new { #class = "text-danger" })
<div class="form login-form">
<div class="form-group">
#Html.LabelFor(m => m.username, new { #class = "" })
#Html.TextBoxFor(m => m.username, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.username, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(m => m.password, new { #class = "" })
Html.PasswordFor(m => m.password, new { #class = "form-control" })
#Html.ValidationMessageFor(m => m.password, "", new { #class = "text-danger" })
See this answer for customizing password validation rules.

MVC Admin reset of User Password

After a lot of messing around, and with some excellent help from ADyson, I got this working.
On my system, when an admin user logs in, a link appears for them to go into the user management system. This provides a list of users, the ability to create another user, delete them, or change their details.
Also, when ANY user logs in they are able to change their own password. However, if a user forgets their password, the admin user must reset the password. I'm not emailing them a link or anything fancy. In the "List Users" bit in the admin screen, there is an Actions column that contains links to edit, delete, show details, and reset password.
I have an ApplicationUsersController that contains the functions to edit, delete, etc. I have a series of ApplicationUsers views called Create, Edit, Delete, Details, Edit, Index. Most of this code was generated when I created an ApplicationUsersController and chose to create the views. There is also a ResetUserPasswordsViewModel as well. Here is the ResetPassword view:
#model ICWeb.Models.ResetUserPasswordViewModel
ViewBag.Title = "Reset User Password";
Layout = "~/Views/Shared/_Layout.cshtml";
#using (Html.BeginForm())
<div class="form-horizontal">
<hr />
#Html.ValidationSummary(true, "Please fix the errors displayed", new { #class = "text-danger" })
#Html.HiddenFor(model => model.Id)
<div class="form-group">
#Html.LabelFor(model => model.NewPassword, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.NewPassword, new { htmlAttributes = new { #class = "form-control", #autofocus = "autofocus" } })
#Html.ValidationMessageFor(model => model.NewPassword, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(model => model.ConfirmPassword, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.ConfirmPassword, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.ConfirmPassword, "", new { #class = "text-danger" })
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Reset Password" class="btn btn-default" />
#Html.ActionLink("Back to List", "Index")
#section Scripts {
In the controller I have:
// GET: /ApplicationUsers/ResetPassword
public ActionResult ResetPassword(string id)
return View(new ResetUserPasswordViewModel() { Id = id });
//POST: /ApplicationUsers/ResetPassword
public async Task<ActionResult> ResetPassword(ResetUserPasswordViewModel model)
if (!ModelState.IsValid)
return View(model);
ApplicationDbContext context = new ApplicationDbContext();
UserStore<ApplicationUser> store = new UserStore<ApplicationUser>(context);
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
string userId = model.Id;
string newPassword = model.NewPassword;
string hashedNewPassword = UserManager.PasswordHasher.HashPassword(newPassword);
ApplicationUser cUser = await store.FindByIdAsync(userId);
await store.SetPasswordHashAsync(cUser, hashedNewPassword);
await store.UpdateAsync(cUser);
return RedirectToAction("Index");
After a lot of messing around, I re-did this function. The view loads now and I can type in 2 new passwords. When I submit, the ResetPassword function runs. I can see when I step through the code it has the passwords I typed, and by editing the GET function to populate the model with the Id, I now get the Id of the user. The whole controller access is limited to users with admin permissions, so unless you're an admin you can't do anything here.
In my ResetUserPasswordModel I have:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.ComponentModel.DataAnnotations;
namespace ICWeb.Models
public class ResetUserPasswordViewModel
public string Id { get; set; }
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[Display(Name = "New password")]
public string NewPassword { get; set; }
[Display(Name = "Confirm new password")]
[Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
All sorted, and the help was, and is, very much appreciated.
In the system I'm developing (but not yet completed or tested) I've got this written. It works so should be a good starting point. Note that the view model takes care of mis-match passwords so that is covered for you already.
I use Direct Injection for the User Manager - just replace my _userManager with your own instance, however you create it.
#model Models.ResetPasswordViewModel
ViewBag.Title = "Reset password";
<div class="container">
#if (ViewBag.Error != null)
<div class="alert-danger mb-2">Error(s) occured : #ViewBag.Error</div>
#Html.ActionLink("Back to List", "AllUsers", null, new { #class = "btn btn-outline-primary" })
using (Html.BeginForm("ResetPassword", "Account", FormMethod.Post, new { #class = "form-horizontal", role = "form" }))
#Html.ValidationSummary("", new { #class = "text-danger" })
#Html.HiddenFor(x => x.Id)
<div class="form-group">
#Html.LabelFor(model => model.UserName, htmlAttributes: new { #class = "control-label" })
#Html.EditorFor(model => model.UserName, new { htmlAttributes = new { #class = "form-control", #readonly = "" } })
<div class="form-group">
#Html.LabelFor(m => m.Password, new { #class = "control-label" })
#Html.PasswordFor(m => m.Password, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.ConfirmPassword, new { #class = "control-label" })
#Html.PasswordFor(m => m.ConfirmPassword, new { #class = "form-control" })
<div class="form-group d-flex">
#Html.ActionLink("Back to User Edit", "EditUser", "Account", new { userId = Model.Id }, new { #class = "btn btn-outline-primary" })
<input type="submit" value="Reset Password" class="btn btn-primary ml-auto" />
public class ResetPasswordViewModel
[Display(Name = "User Id")]
public string Id { get; set; }
[Display(Name = "User Name")]
public string UserName { get; set; }
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[Display(Name = "Password")]
public string Password { get; set; }
[Display(Name = "Confirm password")]
[Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
public async Task<ActionResult> ResetPassword(ResetPasswordViewModel model)
if (!ModelState.IsValid)
return View(model);
var user = _userManager.FindById(model.Id);
IdentityResult result = null;
if (user != null)
string code = await _userManager.GeneratePasswordResetTokenAsync(user.Id);
result = await _userManager.ResetPasswordAsync(user.Id, code, model.Password);
if (result.Succeeded)
return RedirectToAction("ResetPasswordConfirmation", "Account", model);
// return errors
var s = new System.Text.StringBuilder();
foreach (var e in result.Errors)
if (s.Length > 0)
s.Append(", ");
ViewBag.Error = s.ToString();
return View();

Update password for user account in mvc 5

I'm currently working on user account and so far i've managed to work upon register and login panel with email confirmation process. Here i'm stuck in forget password option. I'm using entity framework. All i have to do is to change password for the registered email. This is what i've done so far.
Note: getting the error in controller action method
the entity type is not part of the model for the current context
I have a table named registration attached to the DBContext class. And i'm trying to update the records (particularly the password field) for the forger password option. I made the property class UpdateAcccount.cs with validation as attached below. In order to update the password, I retrieved the row matching with email id. And then transferring the updated password in the database.
This time i'm getting the error of "password does not match" although there's no field of confirm password in the database(registration table) + i even tried to use bind(exclude) attribute for confirm password but that didn't work either.
Controller class
public ActionResult UpdateAccount(UpdateAccount account)
string message = "";
bool status = false;
if (ModelState.IsValid)
account.Password = Crypto.Hash(account.Password);
account.ConfirmPassword = Crypto.Hash(account.ConfirmPassword);
using (TravelGuide1Entities entity = new TravelGuide1Entities())
var v = entity.Registrations.Where(a => a.Email == account.Email).FirstOrDefault();
if (v != null)
v.Password = account.Password;
entity.Entry(v).State = System.Data.Entity.EntityState.Modified;
return RedirectToAction("Login");
catch(Exception e)
return View();
public class UpdateAccount
[Display(Name = "Email")]
[Required(AllowEmptyStrings = false, ErrorMessage = "Email id required")]
public string Email { get; set; }
[Display(Name = "New Password")]
[Required(AllowEmptyStrings = false, ErrorMessage = "Password required")]
[MinLength(6, ErrorMessage = "Minimum 6 character required")]
public string Password { get; set; }
[Display(Name = "Confirm Password")]
[Compare("Password", ErrorMessage = "Password do not match")]
public string ConfirmPassword { get; set; }
#model Travel.Models.UpdateAccount
ViewBag.Title = "UpdateAccount";
#using (Html.BeginForm())
<div class="form-horizontal">
<hr />
#Html.ValidationSummary(true, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(model => model.Email, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Email, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Email, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(model => model.Password, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.Password, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.Password, "", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(model => model.ConfirmPassword, htmlAttributes: new { #class = "control-label col-md-2" })
<div class="col-md-10">
#Html.EditorFor(model => model.ConfirmPassword, new { htmlAttributes = new { #class = "form-control" } })
#Html.ValidationMessageFor(model => model.ConfirmPassword, "", new { #class = "text-danger" })
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Create" class="btn btn-default" />
#Html.ActionLink("Back to List", "Index")
#section Scripts {

how to add phone number field in registeration page of mvc application

i want to add phone number field on default registration page of MVC5 Web Application.
and when a user register with given info the user data store in default database of AspNetUsers table in PhoneNumber column.
here is my code for register View.
#Html.ValidationSummary("", new { #class = "text-danger" })
<div class="form-group">
#Html.LabelFor(m => m.Email, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.Email, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.Password, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.Password, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.ConfirmPassword, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.ConfirmPassword, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.Number, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.Number, new { #class = "form-control" })
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" class="btn btn-default" value="Register" />
and here is code for register view model.
public class RegisterViewModel
[Display(Name = "Email")]
public string Email { get; set; }
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[Display(Name = "Password")]
public string Password { get; set; }
[Display(Name = "Confirm password")]
[Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
[Required(ErrorMessage = "Your must provide a PhoneNumber")]
[Display(Name = "Phone Number")]
public string Number { get; set; }
String number is also used in i use the same name.but when a user register its phone number is not showing on database table.
All you need to do is include the phone number in the ApplicationUser like this:
var user = new ApplicationUser { UserName = model.Email, Email = model.Email, PhoneNumber = model.Phone };
You can find that object in the
public async Task<ActionResult> Register(RegisterViewModel model)
if (ModelState.IsValid)
var user = new ApplicationUser { UserName = model.Email, Email = model.Email, PhoneNumber = model.Phone };
var result = await UserManager.CreateAsync(user, model.Password);
if (result.Succeeded)
await SignInManager.SignInAsync(user, isPersistent:false, rememberBrowser:false);
return RedirectToAction("Index", "Home");
return View(model);
function in the AccountController.cs in a fresh MVC5 project. You can check the AspNetUsers table to see where it went.
It is probably wiser to not store your user data in that table, but create a seperate table for things like phone numbers, etc. That way you can keep your AccountController uncluttered and lean.
For the record, I just did a 'Create new project > MVC' in my VS2012. Nothing was changed from the default settings the new project came with except adding the Phone property to the model and an input field to the view, just like you did.

What could be causing for ASP.NET MVC form to not properly submit/deserialize?

This looks like it should be working, yet the form submits with model not properly deserialized. Using latest ASP.NET MVC from nuget. .NET 4.5
A very standard user-registration View/Controller.
#model Alertera.Portal.Web.Models.RegisterViewModel
ViewBag.Title = "Register";
#using (Html.BeginForm("Register", "Account", FormMethod.Post, new { #class = "form-horizontal", role = "form" }))
<h4>Create a new account.</h4>
<hr />
<div class="form-group">
#Html.LabelFor(m => m.UserName, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.UserName, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.FirstName, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.FirstName, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.LastName, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.LastName, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.Email, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.TextBoxFor(m => m.Email, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.Password, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.Password, new { #class = "form-control" })
<div class="form-group">
#Html.LabelFor(m => m.ConfirmPassword, new { #class = "col-md-2 control-label" })
<div class="col-md-10">
#Html.PasswordFor(m => m.ConfirmPassword, new { #class = "form-control" })
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" class="btn btn-default" value="Register" />
// POST: /Account/Register
public async Task<ActionResult> Register(RegisterViewModel model)
if (ModelState.IsValid)
var user = new User
UserName = model.UserName,
FirstName = model.FirstName,
LastName = model.LastName
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
_bus.Publish(new UserCreated(user));
await SignInAsync(user, isPersistent: false);
return RedirectToAction("Index", "Home");
// If we got this far, something failed, redisplay form
return View(model);
All of the posts are coming in with model being empty or forgery token not present (depends if I enable or disable verficiation). I'm simply stumped and don't know where to look.
** EDIT **
If I disable antiforgery, ModelState is invalid, all of the fields in the model are empty and error messages state that fields are required.
I'm using Autofac with MVC extensions and Model binder is registered like so:
Autofac is working in general, as controller is instantiated properly and is injected with propery dependencies.
Edit 2:
Created a custom binder by inheriting from the DefaultModelBinder, per suggestion, so that I could see the transformation. It looks like the bindingContenxt's model is null
The view model itself is here:
public class RegisterViewModel
[Display(Name = "User name")]
public string UserName { get; set; }
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[Display(Name = "Password")]
public string Password { get; set; }
[Display(Name = "Confirm password")]
[Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
public string Email { get; set; }
public string LastName { get; set; }
public string FirstName { get; set; }
After a full day of trubleshooting, updating all of the nuget packages, making sure that web.config's are all tight and contain proper assembly redirects, routes are neat, and even repair of .NET framework and other time consuming and irrelevant activities, I've finally figured this out:
A few weeks prior, we've introduced an Autofac binding that would capture serialized HttpContext along with other relevant data for when the logging framework would need it. (Imagine being able to log request information alongside a full exception stack inside a business object without polluting business logic with session/logging data.)
Unfortunately, as a part of the binding creation, the HttpContext was being serialized by and not at the time of the logging of the event, but at the time of the binding.
Apparently, when seralizes HttpContext, it actually reads the streams inside it for the first time, causing the submitted form data to be read, so that when Controller is instantiated and data for it is posted, the streams have already been read and Request.Form colection is empty.
Simple fix to only create a delegate to serialize HttpContext appears to have fixed the issue
