Hi,

I'd like to use passwordFormat="Encrypted", but am receiving the below exception when I try to create a new user. All I did was change from "Hashed" to "Encrypted". I assume I'm missing some configuration. Can anyone explain how to get this working or point me to a resource that explains it?

Thanks,

Mike

Exception has been thrown by the target of an invocation. at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Web.Administration.WebAdminMembershipProvider.CallWebAdminMembershipProviderHelperMethodOutParams(String methodName, Object[] parameters, Type[] paramTypes) at System.Web.Administration.WebAdminMembershipProvider.CreateUser(String username, String password, String email, String passwordQuestion, String passwordAnswer, Boolean isApproved, Object providerUserKey, MembershipCreateStatus& status) at System.Web.UI.WebControls.CreateUserWizard.AttemptCreateUser() at System.Web.UI.WebControls.CreateUserWizard.OnNextButtonClick(WizardNavigationEventArgs e) at System.Web.UI.WebControls.Wizard.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.WebControls.CreateUserWizard.OnBubbleEvent(Object source, EventArgs e) at System.Web.UI.WebControls.Wizard.WizardChildTable.OnBubbleEvent(Object source, EventArgs args) at System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) at System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Mike Hildner:

I assume I'm missing some configuration.

Can you show what you currently have in your Web.Config for that section?

Sure, thanks for taking a look. I fiddled with some other attributes.

All right, exactly what I wanted to see.....  compare it to a working Web.Config i have with fully working retrievable passwords

<membership>
        <providers>
               <remove name="AspNetSqlMembershipProvider"/>
               <add name="AspNetSqlMembershipProvider"
                        type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                        connectionStringName="LocalSqlServer"
                        enablePasswordRetrieval="true"
                        enablePasswordReset="true"
                        requiresQuestionAndAnswer="false" 
                        applicationName="/" 
                        requiresUniqueEmail="true"
                        passwordFormat="Encrypted"
                        maxInvalidPasswordAttempts="5"
                        passwordAttemptWindow="10"
                        passwordStrengthRegularExpression=""
                        minRequiredPasswordLength="4"
                        minRequiredNonalphanumericCharacters="0"/>
         </providers>
</membership>

So what i'd suggest, and this is only because i can tell you the above works, is replace <clear /> with the <remove name="...." />

And another thing I remember is that you have to set a "validationKey" and "decryptionKey" in Web.Config as well (sorry this block won't work, i had to change some of the values so i am not posting our encryption keys).  This node is a child of <system.web>

<machineKey
     validationKey="799541f718efc39gts7m9sd5e5b0717d5623e2da9184fc53,IsolateApps"  
     decryptionKey="45c9c4a6a04fcc1f1fbedace6678d4b8ea40604ec2du8ka0,IsolateApps"
      validation="AES"/>

I used some "ADAM generator" to generate those keys

Oooohh.. i still had bookarked the blog post where i learned that
http://weblogs.asp.net/owscott/archive/2005/05/11/406550.aspx

the link to the program i used is in the very last comment

Thanks MorningZ, you rock. Tthat did the trick. Adding the machineKey, that is. Doesn't seem to make a difference whether I use "clear" or "remove name" - either way works.

Thanks,

Mike

I havehad the same problem, followed what you have done, but when I use the <asp:passwordrecovery > tag my email still contains the password encrypted - what am I doing wrong?

I would appreciate it is anyone could help

my web.config file, along with other stuff, contains this:

Thanks in anticipation

I don't know if this help, but it worked for me.  If the user already exist the information about that user is stored in the default format, hashed.  You must delete the user and create it again.

Alberto Botero

Thankyou MorningZ,

This post helped solved the problem!   =o)

Cheers,

                        Matt