Membership.ValidateUser always returns false after upgrade to VS 2010 / .NET 4.0

Question

Not sure whether this pertains to VS 2010 or to the upgraded framework, but... we are using the Oracle membership provider to authenticate users. Prior to the upgrade everyt

Answer 1

You may be experiencing machineKey disparity.

In web.config - the implicit machineKey section uses autogenerated encryption and validation keys that are again keyed against the app Id (AutoGenerate,IsolateApps).

Are you testing with a different application instance or on another machine?

Is the Oracle membership provider 2.0 or 4.0?

And this is just a stab in the dark, maybe this will lead you to a solution.

From .NET Framework 4 Migration Issues

Membership types

Some types (for example, System.Web.Security.MembershipProvider) that are used in ASP.NET membership have been moved from System.Web.dll to the System.Web.ApplicationServices.dll assembly. The types were moved in order to resolve architectural layering dependencies between types in the client and in extended .NET Framework SKUs.

Class libraries that have been upgraded from earlier versions of ASP.NET and that use membership types that have been moved might fail to compile when used in an ASP.NET 4 project. If so, add a reference in the class library project to System.Web.ApplicationServices.dll

Answer 2

The answer (according to this post) is to specify hashAlgorithmType="SHA1" in the Web.config:

<membership defaultProvider="OracleMembershipProvider" hashAlgorithmType="SHA1"/>

This did not solve the problem for existing users, but newly created users can log in now.

Answer 3

Sounds a little bit like the problem I am having..

Adding a machineKey element to web.config instead of hashAlgorithmType="SHA1" fixed the problem.. but I still don't understand why I need to put that there... haven't been able to find any documentation either..

You can check out my question here.. The user name or password provided is incorrect. in MVC 3 Internet Application