问题
The new MVC4 RTM internet application templates use the SimpleMembership providers as descibed here SimpleMembership
My existing MVC website uses the ASP.Membership framework and ideally I would like to migrate the user data in these tables to the new SimpleMembership tables. My reasons for wanting to do this are:
- Cleaner integration with the rest of the my database which uses EF
- Support for Azure and OAuth out of the box
- Use latest MVC4 RTM Controllers/Views without needing to modify
- I've always felt the existing membership implementation was a little bloated for what I needed
So I wrote a SQL script today to migrate the data in the existing ASP.Net Membership tables into the new Simple Membership tables. This can be found here
Testing the login in my MVC 4 website the password verification is failing. I believe the SimpleMembership uses a different password algo than the old Membership framework as new passwords created under the SimpleMemberShip framework look a lot longer.
So my question is since I was using the "hashed" password format in the old ASP.Net membership providers and the users original password is irretrievable, what options do I have to get the SimpleMembership provider working.
I guessing some options are:
- Get my users to reset their passwords
- Getting the SimpleMembership provider to use the same password algo as the old ASP.Net Membership providers.
- Revert the new MVC 4 RTM internet application templates to use the old ASP.Net MemberShip providers. This is the least desirable options for me as I would like to use the SimpleMemberShip framework.
I would suspect many people are also looking to migrate their existing membership databases to the new SimpleMemberShip provider.
Any help greatly appreciated.
Cheers
Jim
回答1:
I'd like to surface Paul's comment in case anyone misses it and suggest his solution is the best I've seen.
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
Thanks Paul
回答2:
You have access to the plain text password when the user logs in, which gives you another option:
- Keep the old passwords in a separate table
- On login, first use the SimpleMembership method
- If that fails, check against the old password table using the old hash algorithm (you'll need to make sure the plain text password is still in the context)
- If that succeeds, update the SimpleMembership tables, and remove from the old password table
The users wouldn't need to know about the change, and the active users would have a more secure hash. If you'd like to force the security upgrade in the future, you can warn the users that their accounts will be deleted after a year of inactivity, and just retire the two-step system.
回答3:
I had a similar issue, I should have written a tutorial / blog post on doing this, but my solution was to add the following to my web.config (this corresponds to option #2):
<system.web>
<membership hashAlgorithmType="SHA1" defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" etc.../>
</providers>
</membership>
<machineKey validation="SHA1" />
...
</system.web>
The interesting part of the code above is the "hashAlgorithmType". Setting that to SHA1 will use the old asp.net memberships hashing algorithm.
I'm also in a similar position -- I either have to ask my users to update their passwords or keep with the specific hash algorithm.
Hope this helps! -Sig
来源:https://stackoverflow.com/questions/12236533/migrating-from-asp-net-membership-to-simplemembership-in-mvc4-rtm