Login fails after upgrade to ASP.net 4.0 from 3.5

Question

I cannot log in using any of the membership accounts using .net 4.0 version of the app. It fails like it\'s the wrong password, and FailedPasswordAttemptCount is incremented

Answer 1

See: HERE

The default hashing algorithm has changed for .net 4.0. Default Hashing Algorithm Is Now HMACSHA256. Earlier versions of ASP.NET used the older HMACSHA1 algorithm.

To configure an ASP.NET 4 Web application to use the older HMACSHA1 algorithm, add the following setting to the system.web section of the Web.config file:

<machineKey validation="SHA1"/>

Answer 2

I am having the exact same problem. I have my web application in both 3.5 and 4.0 and only the "old" accounts work on the 3.5 instance.

Here's to hoping someone has an answer!

UPDATE:

I changed the passwordFormat to Clear and I was able to create a new user and log in with the 4.0 application. Looks like something has changed with the way the passwords are hashed.

UPDATE 2:

I was able to make one of the "old" accounts work. With the above change to the passwordFormat, I changed the PasswordFormat column in my_aspnet_membership to 0 and set the password manually in the same table. While this is convoluted and messy, it let the account get it. I'm going to try running password reset and see if that fixes the broken accounts.