I’m developing an application using ASP.NET 4 MVC 3. I’m using the default AspNetSqlMembershipProvider. We are resetting the password using the MembershipUser.ResetPassword() function. The method is working fine: it resets the password in the database successfully and returns the new randomly generated password.
The situation is that we are unable to log in to our application using the new password.
FYI: my reset call is followed by the user.UnlockUser() method.
    // Look up the account, unlock it, then reset the password.
    MembershipUser user = Membership.GetUser(userName);
    if (user == null)
        throw new DataNotFoundException("Invalid User.");
    string newPassword = string.Empty; // Empty is a field, not a method
    bool isUnlock = user.UnlockUser();
    if (isUnlock)
        newPassword = user.ResetPassword();
    return newPassword;
Finally, I’ve found the root cause of the problem and, obviously, the solution.
This situation arose because of a mismatch in the hashAlgorithmType used in the application. The default hashAlgorithmType in ASP.NET 4 is “HMACSHA256”. Initially, when I added an admin account to the database using the ASP.NET configuration tool, it hashed the password with the “SHA1” hashing algorithm. When I tried to reset the password using the ASP.NET Membership API, it successfully reset the password, but using the default hashing algorithm “HMACSHA256”.
That made me crazy when I tried to log in using the new password generated by the API.
Finally I added the below code line and set a breakpoint just before calling the API’s reset method.
My complete code looks like below
It gave me a hint about the default hashing algorithm used by the API.
Then I added an attribute to tag in web.config like below
and tried again, resetting the password and logging in using the generated password.
Wow! It’s working.
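The mismatch described above, as an added illustration that is not code from the original post or from ASP.NET itself: a simplified model of salted password hashing, showing that a hash written under one hashAlgorithmType cannot be verified under another. The Encode and Verify helpers, the way the salt is combined with the password, and the sample salt and password are all assumptions constructed for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HashMismatchDemo
{
    // Simplified model (assumption) of a salted membership-style encoder:
    // unkeyed algorithms hash salt || UTF-16LE(password); keyed algorithms
    // use the salt, repeated to 64 bytes, as the HMAC key.
    static string Encode(string password, byte[] salt, string hashAlgorithmType)
    {
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        switch (hashAlgorithmType)
        {
            case "SHA1":
                using (var sha1 = SHA1.Create())
                    return Convert.ToBase64String(sha1.ComputeHash(salt.Concat(pwd).ToArray()));
            case "HMACSHA256":
                byte[] key = Enumerable.Range(0, 64).Select(i => salt[i % salt.Length]).ToArray();
                using (var hmac = new HMACSHA256(key))
                    return Convert.ToBase64String(hmac.ComputeHash(pwd));
            default:
                throw new ArgumentException("Unsupported algorithm: " + hashAlgorithmType);
        }
    }

    // A login check recomputes the hash with whatever algorithm the verifier
    // is configured for and compares it with the stored value.
    // (Plain string comparison is used here for the demo; it is not constant-time.)
    static bool Verify(string candidate, byte[] salt, string stored, string verifierAlgorithm)
    {
        return Encode(candidate, salt, verifierAlgorithm) == stored;
    }

    static void Main()
    {
        // Constructed sample values, not taken from any real database.
        byte[] salt = Encoding.ASCII.GetBytes("constructed-salt");
        string newPassword = "Constructed#Pass1";

        // The reset stores the new password under one algorithm...
        string stored = Encode(newPassword, salt, "HMACSHA256");

        // ...so only a verifier configured for the same algorithm accepts it.
        Console.WriteLine("verify as HMACSHA256: " + Verify(newPassword, salt, stored, "HMACSHA256"));
        Console.WriteLine("verify as SHA1:       " + Verify(newPassword, salt, stored, "SHA1"));
    }
}
```

The stored value carries no marker of which algorithm produced it, so every component that writes or checks passwords against the same membership database has to agree on one hashAlgorithmType.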