ASP.NET MVC + MySql Membership Provider, user cannot login
Posted
by
Jason Miesionczek
on Stack Overflow
See other posts from Stack Overflow
or by Jason Miesionczek
Published on 2010-10-04T19:02:36Z
Indexed on
2011/01/16
10:53 UTC
Read the original article
Hit count: 350
Hello,
I've been playing around with using MySql as the membership provider for asp.net mvc forms authentication. I've got things configured correctly as far as i can tell, and i can create users via both the register action and asp.net web config site. however, when i try to login with one of the users, it does not work. it returns an error as if i had entered a wrong password, or if the account doesn't exist.
i have verified in the database that the account does exist. I've followed the instructions here for reference: http://blog.tchami.com/post/ASPNET-MVC-2-and-MySQL-Membership-Provider.aspx
here is my web.config:
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=152368
-->
<configuration>
<connectionStrings>
<add name="MySQLConn" connectionString="Server=localhost;Database=intereditor;Uid=<user>;Pwd=<password>;"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="Forms">
<forms
loginUrl="~/Account/LogOn"
timeout="2880"
name=".ASPXFORM$"
path="/"
requireSSL="false"
slidingExpiration="true"
enableCrossAppRedirects="false"
/>
</authentication>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider"
type="MySql.Web.Security.MySQLMembershipProvider,MySql.Web,Version=6.3.4.0, Culture=neutral,PublicKeyToken=c5687fc88969c44d"
autogenerateschema="true" connectionStringName="MySQLConn"
enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10" passwordStrengthRegularExpression=""
applicationName="/" />
</providers>
</membership>
<profile defaultProvider="MySqlProfileProvider">
<providers>
<clear/>
<add name="MySqlProfileProvider"
type="MySql.Web.Profile.MySQLProfileProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d"
connectionStringName="MySQLConn" applicationName="/" />
</providers>
</profile>
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<clear />
<add name="MySqlRoleProvider"
type="MySql.Web.Security.MySQLRoleProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d"
connectionStringName="MySQLConn" applicationName="/" />
</providers>
</roleManager>
<pages>
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Can anyone please help me identify what is wrong so that users can login?
UPDATE
So after debugging the login process in the code of the membership provider itself, i discovered that there is a bug in the provider. There is a discrepancy between the password hash that is stored in the database, and the has that is generated based on the inputted password. As a workaround for my issue, i changed the password format to 'encrpyted' and added a machine key to my web.config.
I am still interested in figuring out the issue with the hashed format in the provider, and will spend some more time debugging it, and if i can figure out the problem, i will put together a patch and submit it.
© Stack Overflow or respective owner