Home/ Questions/Q 3697684
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T04:53:23+00:00

I’ve been playing around with using MySql as the membership provider for asp.net mvc

  • 0

I’ve been playing around with using MySql as the membership provider for asp.net mvc forms authentication. I’ve got things configured correctly as far as i can tell, and i can create users via both the register action and asp.net web config site. however, when i try to login with one of the users, it does not work. it returns an error as if i had entered a wrong password, or if the account doesn’t exist.

i have verified in the database that the account does exist. I’ve followed the instructions here for reference: http://blog.tchami.com/post/ASPNET-MVC-2-and-MySQL-Membership-Provider.aspx

here is my web.config:

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=152368
  -->

<configuration>
  <connectionStrings>
      <add name="MySQLConn" connectionString="Server=localhost;Database=intereditor;Uid=<user>;Pwd=<password>;"/>
  </connectionStrings>

  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>

    <authentication mode="Forms">
      <forms 
        loginUrl="~/Account/LogOn" 
        timeout="2880"
        name=".ASPXFORM$"
        path="/"
        requireSSL="false"
        slidingExpiration="true"
        enableCrossAppRedirects="false"
        />
    </authentication>

    <membership defaultProvider="MySqlMembershipProvider">
      <providers>
        <clear/>
        <add name="MySqlMembershipProvider"
      type="MySql.Web.Security.MySQLMembershipProvider,MySql.Web,Version=6.3.4.0, Culture=neutral,PublicKeyToken=c5687fc88969c44d"
        autogenerateschema="true" connectionStringName="MySQLConn"
        enablePasswordRetrieval="false" enablePasswordReset="true"
        requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
        passwordFormat="Hashed" maxInvalidPasswordAttempts="5"
        minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0"
        passwordAttemptWindow="10" passwordStrengthRegularExpression=""
        applicationName="/" />
      </providers>
    </membership>

    <profile defaultProvider="MySqlProfileProvider">
      <providers>
        <clear/>
        <add name="MySqlProfileProvider"
        type="MySql.Web.Profile.MySQLProfileProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d"
        connectionStringName="MySQLConn" applicationName="/" />
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="MySqlRoleProvider">
      <providers>
        <clear />
        <add name="MySqlRoleProvider"
        type="MySql.Web.Security.MySQLRoleProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d"
        connectionStringName="MySQLConn" applicationName="/" />
      </providers>
    </roleManager>
    <pages>
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
      </namespaces>
    </pages>
  </system.web>

  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

Can anyone please help me identify what is wrong so that users can login?

UPDATE

So after debugging the login process in the code of the membership provider itself, i discovered that there is a bug in the provider. There is a discrepancy between the password hash that is stored in the database, and the has that is generated based on the inputted password. As a workaround for my issue, i changed the password format to ‘encrpyted’ and added a machine key to my web.config.

I am still interested in figuring out the issue with the hashed format in the provider, and will spend some more time debugging it, and if i can figure out the problem, i will put together a patch and submit it.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Starting with .NET 4, the hashing algorithm used by the MySQL connector changed from SHA1 to something more complicated (HMACSHA256).

    To overcome this, you can change your web.config file:

    <membership 
  defaultProvider="AspNetMySqlMembershipProvider" 
  hashAlgorithmType="SHA1">

    More about that can be found at:
    http://www.devart.com/forums/viewtopic.php?t=17508&postdays=0&postorder=asc&start=15&sid=ed160634c0e76b0fb1a4a565e8b5e200

    • 0