Bug #29235 Using AutoGenerated keys with the MySQL Membership Provider causes an exception.
Submitted: 20 Jun 2007 15:03 Modified: 2 Jul 2007 7:07
Reporter: Avi Dorfman
Status: Closed
Category:Connector/Net Severity:S2 (Serious)
Version:5.1.2.2 OS:Microsoft Windows
Assigned to: Target Version:
Tags: autogenerate, isolateapps, machinekey, validationkey, decryptionkey, mysql.web.security

[20 Jun 2007 15:03] Avi Dorfman 
Description:
When running an ASP.NET application under Visual Studio 2005 with it's validationKey
and\or decryptionKey settings set to "AutoGenerate[,IsolateApps]" and not a key value,
the MySQL Membership and Role Providers raise an exception while trying to encrypt,
decrypt or hash data:
"Additional non-parsable characters are at the end of the string".

After looking deeper into the process, I noticed it is because the providers access the
literal setting of the validation and decryption keys from the Web.config file, so they
retrieve "AutoGenerate,IsolateApps" instead of the actual key, and fail to convert those
strings into hexadecimal keys.

How to repeat:
1) Change your validationKey and decryptionKey settings in Web.config to
"AutoGenerate,IsolateApps".
2) Define the MySQL Membership and\or Role providers for use in your web application.
3) Try to add a new user using the Membership.CreateUser method.

Suggested fix:
Manually replace the "AutoGenerate,IsolateApps" value with a real hexadecimal key.
(It's only a temporary fix)
[21 Jun 2007 19:13] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/29328
[21 Jun 2007 19:13] Reggie Burnett 
Fixed in 5.1.3
[2 Jul 2007 7:07] MC Brown 
A note has been added to the 5.1.3 changelog: 

Using the membership/role providers when validationKey or decryptionKey parameters are
set to AutoGenerate, an exception would be raised when accessing the corresponding
values.