问题
I know this looks similar to other questions here but I don't think my case is the same as theirs.
I have a website that uses the AspNetSqlMembershipProvider to validate users. I would like to use the same database from a console application. According to several articles on the web I can use the System.Web.Security.Membership class from outside ASP.NET by copying the appropriate sections from web.config to app.config. That is what I did.
My console appliction can get the user with the requested name and I can confirm that the user is approved and is not locked out but ValidateUser returns false for a correct username and password pair.
I have found articles where people have had trouble with migrating code which may be due to a machine key mismatch but have also found a reference saying that machine key is only used if the passwordFormat property equals encrypted whereas I am using hashed.
Is the issue that the two pieces of code - the website and the console app - are in different assemblies and the assembly name or other property is being used during password hashing? In both cases the application name property is set to /.
Should I continue with this approach or just access the database directly and hash the password myself?
回答1:
Have a look at this article:
http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm
Adding the membership configuration settings in your app.config may help.
Hope it helps!
回答2:
It turns out that the original author of the website code - who was not me - converted the entered password to upper case before using it. As I didn't know this and my console application didn't do so ValidateUser was correctly reporting that the passwords did not match.
来源:https://stackoverflow.com/questions/4602944/why-might-membership-validateuser-return-false-when-the-user-is-approved-and-is