I’m using the Membership provider, configured in Web.config like this to use SQL CE:
<connectionStrings>
  <add name="DefaultConnection" connectionString="Data Source=|DataDirectory|Users.sdf" providerName="System.Data.SqlServerCe.4.0" />
</connectionStrings>
and:
<membership defaultProvider="DefaultMembershipProvider">
  <providers>
    <clear />
    <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordFormat="Hashed" applicationName="/" />
  </providers>
</membership>
This works correctly if I have no machinekey specified.
If I add a machinekey to the Web.config as follows, then existing users can no longer log in. However, I can create new users and they can log in.
<machineKey validationKey="D829F10BE92767EC2F9E9FC53B2CF3952AAD386483D6E81E74B4BD84DBE66F71CA121581598FEA669892DBDE46507DF3C8028BBD8FD4E678557621141945171C" decryptionKey="D14678D1FB1777E10316163F6D97071CDF2A447FA15C172DC9525BA397BB0610" validation="SHA1" decryption="AES" />
<pages enableViewStateMac="true"/>
If I remove the machinekey, then originally created users can log in again, and newly created users cannot.
Why does adding a machinekey change whether existing users can log in, given that the password is hashed, not encrypted?
Answers:
Method 1
By default, .NET Framework 4 uses SHA256. Please make sure the algorithm is the same in both places, and try either SHA1 or SHA256.
<membership ... hashAlgorithmType="SHA1">
  <providers>
    ...
  </providers>
</membership>
<machineKey ... validation="SHA1" decryption="AES" />
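An added diagnostic, not part of the original question or answer: it resolves which hash algorithm a given Web.config selects and flags accounts whose stored hash length cannot have come from it, which is how a mixed user population like the one in the question shows up. The resolution order (explicit hashAlgorithmType, then machineKey validation, then HMACSHA256), the SHA1 fallback for AES/3DES validation and the base64 storage format are assumptions about the provider; the function names, sample rows and configs are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Digest sizes in bytes. SHA256 and HMACSHA256 are both 32, so length alone
# cannot tell those two apart; it does separate SHA1 from the 256-bit family.
DIGEST_BYTES = {"MD5": 16, "SHA1": 20, "SHA256": 32, "HMACSHA256": 32,
                "SHA384": 48, "HMACSHA384": 48, "SHA512": 64, "HMACSHA512": 64}

def effective_hash_algorithm(web_config_xml):
    """Resolve the membership hash algorithm (assumed resolution order)."""
    root = ET.fromstring(web_config_xml)
    membership = root.find(".//membership")
    if membership is not None and membership.get("hashAlgorithmType"):
        return membership.get("hashAlgorithmType").upper()  # pinned explicitly
    machine_key = root.find(".//machineKey")
    validation = machine_key.get("validation") if machine_key is not None else None
    if not validation:
        return "HMACSHA256"  # assumed .NET 4 default when nothing is configured
    validation = validation.upper()
    # Assumption: encryption-based validation modes fall back to SHA1 for hashing.
    return "SHA1" if validation in ("AES", "3DES") else validation

def audit(web_config_xml, rows):
    """Return (algorithm, users whose stored digest length cannot match it)."""
    alg = effective_hash_algorithm(web_config_xml)
    expected = DIGEST_BYTES.get(alg)
    if expected is None:
        raise ValueError("unknown hash algorithm: " + alg)
    return alg, [user for user, stored in rows
                 if len(base64.b64decode(stored)) != expected]

def _b64(digest):
    return base64.b64encode(digest).decode()

# Constructed sample rows: (user name, stored hashed password as base64).
SAMPLE_ROWS = [
    ("created_without_machinekey", _b64(hashlib.sha256(b"constructed-1").digest())),
    ("created_with_sha1_machinekey", _b64(hashlib.sha1(b"constructed-2").digest())),
]
# Constructed configs; key attributes are omitted because only the algorithm matters.
NO_MACHINEKEY = "<configuration><system.web><membership /></system.web></configuration>"
SHA1_MACHINEKEY = ('<configuration><system.web><machineKey validation="SHA1" '
                   'decryption="AES" /><membership /></system.web></configuration>')

if __name__ == "__main__":
    for name, cfg in (("no machineKey", NO_MACHINEKEY), ("SHA1 machineKey", SHA1_MACHINEKEY)):
        print(name, audit(cfg, SAMPLE_ROWS))
```

Accounts flagged under the configuration you intend to keep need a password reset, since a hashed password cannot be converted to a different algorithm.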
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.