MySQL Forms Authentication Hashed password problem

Question

I am trying to use the ASP.NET forms authentication service with the MySQL connector version 6.3.2. I was able to get it working using cleartext passwords but unable to get hashed passwords working. Here is a snippet from my machine.config file

<system.web>
  <membership defaultProvider="MySQLMembershipProvider">
    <providers>
      <add name="MySQLMembershipProvider" 
    type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" 
    autogenerateschema="true"
    connectionStringName="LocalMySqlServer" 
    enablePasswordRetrieval="false" 
    enablePasswordReset="true" 
    requiresQuestionAndAnswer="false" 
    applicationName="/" 
    requiresUniqueEmail="true" 
    passwordFormat="Hashed" 
    maxInvalidPasswordAttempts="5" 
    minRequiredPasswordLength="6" 
    minRequiredNonalphanumericCharacters="1" 
    passwordAttemptWindow="10" 
    passwordStrengthRegularExpression="" />
    </providers>
  </membership>
</system.web>

I am using the ValidateUser method of the MembershipProvider class to perform authentication. If the line passwordFormat="Hashed" is changed to passwordFormat="Clear" users will authenticate. After changing settings in the machine.config file I remove all users and recreate the accounts. I inspected the contents of the aspnet tables and the passwords are being stored properly as hashes - just failing to verify.

Answer 1

Looks like I'm not the only one who has noticed this bug: http://forums.mysql.com/read.php?38,368612,372250. Easily fixed by adding the following to the web.config:

<system.web>
  <machineKey validationKey="AutoGenerate" validation="SHA1" />
</system.web>