MembershipProvider.ValidateUser Always Returning False

Working with a legacy authentication system, I was attempting to get a login working for an application hosted locally. I was calling ValidateUser with the correct username and password within our system but noticed I was still getting false back from the method.

Here is a list of things I tried & looked for in case this might be your issue:

  • User is not locked out
  • User is approved
  • Ensure you are using the correct password format (Hash vs Encrypted)

Everything seemed correct and I was still getting false. Running out of places to look, I searched for any errors in the Event Viewer. I noticed I kept getting an error for the failed attempts:

Event code: 4006
Event message: Membership credential verification failed.
Process name: iisexpress.exe

This was different than what I’ve seen before. In searching for that specific message, I tried the following as well:

  • Added an Application Name to the Membership connection string – Peter Kellner
  • Adding hashAlgorithmType=”SHA1″ to my connection string – stackoverflow
  • Ensured everything had the proper permissions

So, what it ended up being was a mismatch from what I had in my applicationName in my provider connection string and what was in the application name field in my database. The applicationName in the provider connection string actually looks at the LoweredApplicationName column, not the ApplicationName column. After changing to match, everything worked as expected!


Releated Post

Leave a Reply

%d bloggers like this: