The new MVC4 RTM internet application templates use the SimpleMembership providers as descibed here SimpleMembership
My existing MVC website uses the ASP.Membership framework and ideally I would like to migrate the user data in these tables to the new SimpleMembership tables. My reasons for wanting to do this are:
So I wrote a SQL script today to migrate the data in the existing ASP.Net Membership tables into the new Simple Membership tables. This can be found here
Testing the login in my MVC 4 website the password verification is failing. I believe the SimpleMembership uses a different password algo than the old Membership framework as new passwords created under the SimpleMemberShip framework look a lot longer.
So my question is since I was using the "hashed" password format in the old ASP.Net membership providers and the users original password is irretrievable, what options do I have to get the SimpleMembership provider working.
I guessing some options are:
I would suspect many people are also looking to migrate their existing membership databases to the new SimpleMemberShip provider.
Any help greatly appreciated.
Cheers
Jim
I'd like to surface Paul's comment in case anyone misses it and suggest his solution is the best I've seen.
http://pretzelsteelersfan.blogspot.com/2012/11/migrating-legacy-apps-to-new.html
Thanks Paul
You have access to the plain text password when the user logs in, which gives you another option:
The users wouldn't need to know about the change, and the active users would have a more secure hash. If you'd like to force the security upgrade in the future, you can warn the users that their accounts will be deleted after a year of inactivity, and just retire the two-step system.
I had a similar issue, I should have written a tutorial / blog post on doing this, but my solution was to add the following to my web.config (this corresponds to option #2):
<system.web>
<membership hashAlgorithmType="SHA1" defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" etc.../>
</providers>
</membership>
<machineKey validation="SHA1" />
...
</system.web>
The interesting part of the code above is the "hashAlgorithmType". Setting that to SHA1 will use the old asp.net memberships hashing algorithm.
I'm also in a similar position -- I either have to ask my users to update their passwords or keep with the specific hash algorithm.
Hope this helps! -Sig
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With