Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: MySQLMembershipProvider

the obsoleted password format is encrypted
membership provider hashing algorithm
asp net membership password encryption
asp net membership password salt

I have this setting:

<membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="ODDConnectionString" enablePasswordRetrieval="false" 
        enablePasswordReset="true" requiresQuestionAndAnswer="false" 
        applicationName="PowerDETAILS" requiresUniqueEmail="false" 
        passwordFormat="Hashed" maxInvalidPasswordAttempts="5" 
        passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="6" 
        minRequiredNonalphanumericCharacters="0" name="AspNetSqlMembershipProvider" 
        type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

I had the same error on one of my sites. Eventually I opened up IIS Manager and looked at the connection strings for the site and saw that MySQL was in the list there even though it was not in the web.config. I tracked that down to it being in the machine.config file so the site was inheriting that connection. In Programs and Features I found a program for MySQL and uninstalled it. That fixed it for me. This may not be an option for you, but hoping it may help someone else.

Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is. .NET has detected that the listed providers are set to use plain text when storing passwords in the respective data store type. IdP ships with some undefined/unused membership providers using the default setting of "clear" (plain text).

Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is:  We would like to show you a description here but the site won’t allow us.

In case anyone else gets this issue,

Connection string issues appear to be the main cause of this, which I assume makes the app fall back to using the next available membership provider.

After some digging, The MySQLMembershipProvider originated from machine.config, which was indeed set up with passwordFormat="Clear".

To fix that, I added this to web.config:

  <system.web>
    <membership>
       <providers>
           <remove name="MySQLMembershipProvider" />
        </providers>
    </membership>
  </system.web>

Note: I wasn't using a custom membership provider, but if there is one you will probably want to run <clear /> just before <add ... />

Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is:  One of the MembershipPasswordFormat values indicating the format for storing passwords in the data store. Examples. For an example of a MembershipProvider implementation, see Implementing a Profile Provider. Remarks. The PasswordFormat property indicates the format that passwords are stored in. Use Hashed only, Clear and Encrypted are not secure.

I had a similar error appear after transferring azure site to a new server/resource.

It turned out that somehow I got part of my SQL connection in web.config string miss typed from usual ... providerName="System.Data.SqlClient" ... to one with additional "t" at the end ... providerName="System.Data.SqlClientt"

It is a bit strange how it got a MYSQL Membership provider errror in log files though..

Event ID 1310 Exception message: Unsecured Passwords Format Detected The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider. The obsoleted password format is: Encrypted. Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: MySQLMembershipProvider. The obsoleted password format is: Clear. There is nothing in the root of my site (live or local). I am using SQL Express and the SimpleMembershipProvider.

Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: MySQLMembershipProvider - sql-server. Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: WindowsMembershipProvider. The obsoleted password format is: Encrypted Does not make any sense, issue suddenly started a day ago, possible after I apply last patch for VS 2017, but it affects only my Episerver website.

NET 2.0's new membership provider allows for three different ways to protect user's passwords via the machine key to store passwords in the encrypted format” error when trying to create users. To create a <add name=“​MySqlMembershipProvider” NET has detected Web server is not running ASP. Examples. The following example shows the machineKey Element (ASP.NET Settings Schema) element in the system.web section of the Web.config file for an ASP.NET application. It specifies the application's SqlMembershipProvider instance and sets its password format to Hashed.

The Membership Provider that contains the unsecure passwords format is: WindowsMembershipProvider. The obsoleted password format is:  Exception information: Exception type: ConfigurationErrorsException Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider.

Comments
  • It's odd that the error references the MySQLMembershipProvider but you are setting AspNet. Is there another section in your file?
  • Jacob, can you get me more information?