views:

53

answers:

0

I have an existing app in production that uses SqlMembershipProvider and has a specified machine key:

<machineKey validationKey="..." decryptionKey="..." 
            validation="SHA1" decryption="AES"/>

It runs under .Net 2.0 AppPool currently.

I'm writing a new application that has to use the existing database, which I have a backup of. I'm trying to get SqlMembershipProvider working with it (which it does) but I can't get a known username/password working. This account works in prod, and the password hash and salt are the same on both databases (prod and mine). However at the point where the SqlMembershipProvider compares the password from the database with the hashed password entered, they aren't the same.

This article suggests breaking changes with the default hashing algorithm in ASP.Net in .Net 4.0: http://www.asp.net/learn/whitepapers/aspnet4/breaking-changes

However I am already specifying a machine key as suggested. Further, I've stripped out the .Net 4.0 components and dropped it back to 3.5 (which is CLR 2) and the hash of the entered password is still the same.

Furthermore, I tried redeploying this new temporary app to the same server production is on, and it still fails to login (although I can't verify if it fails due to password hash mismatch).

What else can I try here?