Bug #62203 The mono runtime did not support hashed passwords.
Submitted: 18 Aug 2011 15:19 Modified: 19 Oct 2011 17:29
Reporter: William Leader Email Updates:
Status: Closed Impact on me:
Category:Connector / NET Severity:S3 (Non-critical)
Version:6.4.3 OS:Any
Assigned to: Reggie Burnett CPU Architecture:Any
Tags: Hashed, Mono, passwords

[18 Aug 2011 15:19] William Leader
When using the MySQL.Web.dll assembly to use the ASP.Net Membership provider, if the app.config or web.config has the provider set to use Hashed passwords, when running the web application with Mono, the following exception will be raised.

System.Configuration.Provider.ProviderException: The mono runtime did not support hashed passwords.  Please use clear or encrypted passwords.
  at MySql.Web.Security.MySQLMembershipProvider.Initialize (System.String name, System.Collections.Specialized.NameValueCollection config) [0x00000] in <filename unknown>:0

This appears to be related to bug 38895 (http://bugs.mysql.com/bug.php?id=38895).

In that bug it was discovered that mono did not support the needed hashing code, and a check was added to the code to throw this error and die gracefully instead of allowing the less helpful error "Method not found: 'System.Web.Security.Membership.get_HashAlgorithmType'" to be shown. This change appears to have been made in this revision: (http://bazaar.launchpad.net/~mysql-clr-team/connectornet/trunk/revision/514.1.100)

This was done three years ago when Mono did lack this functionality. I believe this is not longer be the case. This thread (http://go-mono.com/forums/#nabble-td1503416) seems to show that SHA1 was available in Mono 2.0 rc1 by 9 Sept. 2008 shortly after the original bug was marked fixed on 5 Sept. 2008.

A review of the current Mono code at: https://github.com/mono/mono/blob/master/mcs/class/System.Web/System.Web.Security/Membersh... shows that the method get_HashAlgorithmType does now exist. 

Further more, according to these source files SHA1 support does exist in mono:

SHA1 cryptography is available in Mono at this time.

How to repeat:
Use the MySql.Web.Security.MySQLMembershipProvider in a project and set its password format to Hashed and run the code under the Mono runtime.

Suggested fix:
Remove the test in MySql.Web/Providers/Source/MembershipProvider.cs that prevents the use of Mono with Hashed passwords. Newer versions of mono should have the required support to allow password hashing to function normally.
[19 Oct 2011 17:29] Reggie Burnett
Fixed in 6.3.8, 6.4.5+
[23 Nov 2011 1:20] Philip Olson
Fixed as of Connector/NET 6.3.8 and 6.4.5:

+        The <literal>Mono</literal> runtime did not support hashed
+        passwords.