ASP.NET 4 Membership Machine Key

StackOverflow https://stackoverflow.com/questions/8705140

  •  12-04-2021
  •  | 
  •  

Question

I have had a working asp.net 4 membership wesite for about 5 months and today I changed the regex to loosen the password restrictions. I can still create and access new accounts, but can no longer access any of the previously registered ones.

I have checked the database and confirmed that they are all still there. My initial thought was an incorrect password. I've checked two accounts that I knew the password for and both are inaccessable. I attempted to use the password recovery option, but when I type in the username I'm told that the user does not exist.

When I check the databases and consult both the membership and profile tables, the old and new users, pre and post regex change, are all in the same table. This leads me to my final discovery and the one that I have no experience. Is there a new Machine Key that is creating the new users but cannot decipher the old ones, hence making them unavailable? If so, how can I fix this?

Was it helpful?

Solution

Like your comment my first thought was that the application key has been altered. This key is stored in web.config/system.web/membership:

<membership>
  <providers>
    <clear/>
    <add name="AspNetSqlMembershipProvider"
      ...
      applicationName="YOUR_KEY_HERE" />
  </providers>
</membership>

This key allows different applications with the same membership provider (e.g. the System.Web.Security.SqlMembershipProvider in your case) to utilize the same database for storing membership data.

One provider will not see users from the other provider and vice versa, because they take the aplication name into account when querying the database. But when you look at the Users table, you may not notice immediately the relation, since the SqlMembershipProvider uses a Guid in the Users table. But it's a foreign key to the Applications table, where you can find the application name.

See also: Always set the "applicationName" property when configuring ASP.NET 2.0 Membership and other Providers

OTHER TIPS

My problem was slightly different* but I specified my own machine key in web.config. See the details here: http://msdn.microsoft.com/en-us/library/ff649308.aspx

(* my app was wandering from server to server in a large virtualized server farm hence changing the machine key with each hop causing the app being unable to read the cookies it has previously set.)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top