tags:

views:

190

answers:

2
+1  Q: 

Login fails after upgrade to ASP.net 4.0 from 3.5

I cannot log in using any of the membership accounts using .net 4.0 version of the app. It fails like it's the wrong password, and FailedPasswordAttemptCount is incremented in my_aspnet_membership table. (I am using membership with mysql membership provider.)

I can create new users. They appear in the database. But I cannot log in using the new user credentials (yes, IsApproved is 1).

One clue is that the hashed passwords in the database is longer for the users created using the asp.net 4.0 version, e.g 3lwRden4e4Cm+cWVY/spa8oC3XGiKyQ2UWs5fxQ5l7g=, and the old .net 3.5 ones are all like +JQf1EcttK+3fZiFpbBANKVa92c=.

I can still log in when connecting to the same db with the .net 3.5 version, but only to the old accounts, not the new ones created with the .net 4.0 version. The 4.0 version cannot log in to any accounts.

I tried dropping the whole database on my test system, the membership tables are then auto created on first run, but it's still the same, can create users, but can't log in.

+1  A: 

I am having the exact same problem. I have my web application in both 3.5 and 4.0 and only the "old" accounts work on the 3.5 instance.

Here's to hoping someone has an answer!

UPDATE:

I changed the passwordFormat to Clear and I was able to create a new user and log in with the 4.0 application. Looks like something has changed with the way the passwords are hashed.

UPDATE 2:

I was able to make one of the "old" accounts work. With the above change to the passwordFormat, I changed the PasswordFormat column in my_aspnet_membership to 0 and set the password manually in the same table. While this is convoluted and messy, it let the account get it. I'm going to try running password reset and see if that fixes the broken accounts.

Mike  2010-04-29 17:47:06
+1  A: 

See: HERE

The default hashing algorithm has changed for .net 4.0. Default Hashing Algorithm Is Now HMACSHA256. Earlier versions of ASP.NET used the older HMACSHA1 algorithm.

To configure an ASP.NET 4 Web application to use the older HMACSHA1 algorithm, add the following setting in the Web.config file:

<machineKey validation="SHA1"/>
lomac  2010-05-04 11:48:30

related questions

Store user id in Principal or Identity? ASP.Net/OpenID.
Converting Single DB ASP.NET Site into MultiTenant - Membership and Roles Dilema
customize asp.net membership by changing "userid" type to integer
ASP Membership cannot handle encrypted connection strings in web.config
what is the best way to make some pages in asp.net require login?
Looking for a Yahoo Groups (CMS) replacement
Why should I Use ASP.NET Membership security model?
ASP.NET: Does implementing a custom MembershipProvider class needs you to implement a custom Membership class too?
How to set the Principal in an ASP.Net app
How can you test if an ASP.NET membership password will meet configured complexity requirements?
ExpressionEngine Multiple Site Manager and Member Groups
Locking out a user in an ASP .Net Custom Membership Provider
ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
Not using e-mail address in a custom MembershipProvider?
How to get current user in Asp.Net MVC
programmatic login with .net membership provider
ASP.NET Forms Authentication With Only UserName
Unit test Custom membership provider with NUnit throws null reference error
How to access UserId in ASP.NET Membership without using Membership.GetUser() ?
How can I wire users with their respective folders in ASP.NET?
Grabbing Users with a specific value in their profile
How do you pass an authenticaticated session between app domains
What's the best way to authenticate over WCF?
Memcached chunk limit
ASP.NET Site Maps