Upgrade from 1.3.x to 2.0: Cannot login using existing user information

Topics: ASP.NET 2.0
Jan 25, 2011 at 3:27 AM

Hi all, 

I have just migrated my blog from version 1.3.x to 2.0, everything goes well except that I could not login using existing user credentials. I am using ASP.net membership and role provider, and I have modified the web.config file accordingly.

It is really strange that I can add a new user and login using that account, and I've verified that the new entries are added correctly to the database. The new data and old one are stored in the same place but it seems only newly added data can be accessed. 

Any suggestions? Thanks for any help.

Coordinator
Jan 25, 2011 at 8:21 AM

Are you on the same version of .NET as you were before?  Which .NET framework are you on now -- 3.5 or 4.0?

If you were on .NET 2.0 or 3.5 and if you're now on .NET 4.0, the default hashing algorithm changed from HMACSHA1 to HMACSHA256, as documented here.  I bring this up because I was working on a non-BE application and ran into this problem.  You could look at the old passwords, and compare them to the new passwords being created for the new users (in the DB).  And see if the passwords look different ... in particular the length of the passwords.

If you don't have a lot of old users, it is probably easiest to delete the users and re-add them.

Jan 26, 2011 at 9:21 PM

Thank you for your information, Ben. Yes, I am on different version of .NET, but I have set the validation attribute to 'SHA1' as the document said. Any ideas why it seems not making any changes?

Coordinator
Jan 27, 2011 at 8:21 AM

A second thing to check, is to add SHA1 to the <membership> tag (if you haven't already).  At least for me, that was needed for something "tricky" I was trying to do (long story).

<membership hashAlgorithmType="SHA1" .......>

Otherwise, the only thing to check is to see if the old hashed passwords look different than the new hashed passwords -- in terms of length.  From what I've seen, passwords hashed under a particular algorithm all seem to be about the same length (same number of characters).

Jan 27, 2011 at 9:40 PM

Thank you for the prompt reply. I added the attribute, but still doesn't work. I also double checked the database records, and find that the old and new passwords are in the same length. Since I have about 70 users only, maybe reseting all passwords is an easier way to go?

BTW, is there any way to debug asp.net membership workflow?