I cannot log in using any of the membership accounts using .net 4.0 version of the app. It fails like it's the wrong password, and FailedPasswordAttemptCount is incremented in my_aspnet_membership table. (I am using membership with mysql membership provider.)
I can create new users. They appear in the database. But I cannot log in using the new user credentials (yes, IsApproved is 1).
One clue is that the hashed passwords in the database is longer for the users created using the asp.net 4.0 version, e.g 3lwRden4e4Cm+cWVY/spa8oC3XGiKyQ2UWs5fxQ5l7g=, and the old .net 3.5 ones are all like +JQf1EcttK+3fZiFpbBANKVa92c=.
I can still log in when connecting to the same db with the .net 3.5 version, but only to the old accounts, not the new ones created with the .net 4.0 version. The 4.0 version cannot log in to any accounts.
I tried dropping the whole database on my test system, the membership tables are then auto created on first run, but it's still the same, can create users, but can't log in.
The default hashing algorithm has changed for .net 4.0. Default Hashing Algorithm Is Now HMACSHA256. Earlier versions of ASP.NET used the older HMACSHA1 algorithm.
To configure an ASP.NET 4 Web application to use the older HMACSHA1 algorithm, add the following setting to the system.web section of the Web.config file:
<machineKey validation="SHA1"/>