Using the ASP.NET membership provider (hashed password format) I am unable to reset password.

Question

I am developing a website using Umbraco v4.0.2.1 which implements the ASP.NET membership provider.

When using either Hashed or Encrypted as the password format, I am unable to reset a password. It does appear to work, i receive an email with the new password, and I can see that the password has changed in the database. However, when i try to login using the new password, login fails.

Answer 1

You need to set the password type to "Clear" instead of "Hashed" in web.config in order to be able to log in using old accounts. This is because the provider implementation changed with the 4.0.2.1 update.

If you set it to "Hashed" and create a new account, are you still unable to reset the password for that new account?

Answer 2

There's a bug in the membership provider that I am using that hashes the password twice when used with the PasswordRecovery control.