[Mono-aspnet-list] Membership Provider Encrypt Password returning variable results

nzsaint chrisbrown76 at hotmail.com
Wed Jan 13 16:41:29 EST 2010




nbridgeh2o wrote:
> 
> I can register a new user with membership provider, but when validating
> user, the password encrypted by membership provider doesn't match my
> stored encrypted one, which causes it to fail every time. 
> 

My issue was a mistake on my part concerning the difference between 'hashed'
and 'encrypted' password formats (it was the end of a very long year). My
custom membership provider was using a salt for 'encrypted' passwords when
it should only be for 'hashed'. Since the salt is created at random each
time a different salt would be used when creating the user and validating
them every time so the passwords would never match and the validation would
fail.

I modified my provider (using the 'encrypted' password format) so its now
not using a salt (unless 'hashed' format is specified) and only using the
'decryption' and 'decryptionKey' settings in 'machineKey' in web.config as
you mentioned you have set.  

I would check your MySQL provider and check the values that are returned
during the validation process and particularly if a salt is being used.
-- 
View this message in context: http://old.nabble.com/Membership-Provider-Encrypt-Password-returning-variable-results-tp26822533p27152303.html
Sent from the Mono - ASP.NET mailing list archive at Nabble.com.



More information about the Mono-aspnet-list mailing list