Wednesday, August 21, 2019 9:04:37 AM
  • Posted: Wednesday, March 27, 2019 1:39 PM
  • 2
I've followed the documentation for generating a token, but am not able to get the password to validate.

I have verified that the user configured in Manage api users matches an active user account, and that the password matches the params posted to the api. I am able to step through the code, and see the apiuser record is retrieved via the email address.

However, on line 29 of the LoginValidator, the encrypted values do not match, resulting in a 400 response with the error "User not exists or password is wrong":

Grand.Web.Areas.Api.Validators.Common.LoginValidator line #29:
userapi.Password = "WVv3K2+inlyXrlVaJ6ML39iBqXfjNN/k"
encryptionService.EncryptText(password, userapi.PrivateKey) = "43OCLnIRcilrHsOHpOn4nw=="

I'm using Grand Node Version 4.4

"Api": {
    "Enabled": true,
    "SecretKey": "################",
    "ValidateIssuer": false,
    "ValidIssuer": "",
    "ValidateAudience": false,
    "ValidAudience": "",
    "ValidateLifetime": true,
    "ValidateIssuerSigningKey": true,
    "ExpiryInMinutes": 1440,
    //generate system model
    "SystemModel":  true

    "errors": {
        "": [
            "User not exists or password is wrong"
    "title": "One or more validation errors occurred.",
    "status": 400,
    "traceId": "0HLLIML0JQ9OH:00000008"
  • Posted: Thursday, March 28, 2019 10:55 AM
  • Moderator
  • 295
Hi Nathan,

Sorry but I don't understand the context of that action. Is it possible to know the use case of this example? Password is impossible to encrypt, so if you forget it or if you want to interact somehow with it it's impossible. Web API user creation is working fine, because I tested it while ago. Did you check the docs page of Web API? Maybe docs will be useful for you.
  • Posted: Thursday, March 28, 2019 11:39 AM
  • 2
My colleague informed me that the password I was sending in the request body first needed to be base-64 encoded using the utility found here:

After encoding my password, the request is now working as expected.
  • Posted: Thursday, March 28, 2019 11:49 AM
  • Moderator
  • 295
That's great. Information about that fact is available in the docs here: In the section How to generate Web API Token in GrandNode?. But I'm happy that works as expected.