Bug #64341 MySQLMembershipProvider not correctly handle minRequiredPasswordLength
Submitted: 15 Feb 2012 14:58 Modified: 14 May 2012 17:14
Reporter: timz ttii Email Updates:
Status: Not a Bug Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:6.4.4 OS:Windows ( x32)
Assigned to: Roberto Ezequiel Garcia Ballesteros CPU Architecture:Any

[15 Feb 2012 14:58] timz ttii 
Description:
in vs2010 I created mvc3-project by default. In the web.config added
<connectionStrings>
     <add name="LocalMySqlServer" connectionString="Datasource=localhost;Database=users;uid=root;pwd=123;" providerName="MySql.Data.MySqlClient" />
   </ connectionStrings>
and
  <membership>
       <providers>
         <add name = "MySQLMembershipProvider" type = "MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version = 6.4.4.0, Culture = neutral, PublicKeyToken = c5687fc88969c44d"
              connectionStringName = "LocalMySqlServer" enablePasswordRetrieval = "false" enablePasswordReset = "true" requiresQuestionAndAnswer = "true"
              applicationName = "/" requiresUniqueEmail = "false" passwordFormat = "Clear" maxInvalidPasswordAttempts = "5" minRequiredPasswordLength = "3"
              passwordAttemptWindow = "10" MinRequiredNonalphanumericCharacters = "0"
              autogenerateschema = "true" />
       </ providers>
     </ membership>

when trying to register a new user http:/site/Account/Registr validator returns an error:

***
The Password must be at least 6 characters long.
***

If you enter a 6 character, returns the error:

***
Account creation was unsuccessful. Please correct the errors and try again.
The password provided is invalid. Please enter a valid password value.
***

If you enter a 6 character and "NonalphanumericCharacters" then the registration is successfully

How to repeat:
see Description
[15 Feb 2012 21:55] Roberto Ezequiel Garcia Ballesteros 
Hi Timz!

I reviewed your post and I think you need to update your MVC3 application in order to Membership provider work as you expected. If you change the minRequiredPasswordLength attribute in Web.config as you did, you should change the default minimum length value for Password in the MVC3 application too.

You can change this value in AccountModels.cs / RegisterModel class / Password property / StringLength attribute / MinimumLength = 3

Please try this change and let me know if it works for you.
[16 Feb 2012 4:31] timz ttii 
Check the password is in a class of Membership. I had to write my MembershipProvider to get it working. Thank you!
[16 Feb 2012 18:52] Roberto Ezequiel Garcia Ballesteros 
After doing a last test, I noticed that the application is taking the default provider (AspNetSqlMembershipProvider) and its attributes. This provider is defined in machine.config file. To solve this situation you can:
1) Add <clear/> after <providers> tag and before any add provider
2) Set default provider 

Your configuration should be:

    <membership defaultProvider="MySQLMembershipProvider">
      <providers>
        <clear/>
        <add name="MySQLMembershipProvider" ...

I know you have your own provider, but it could be useful next time you wanted to use the MySqlMembership provider.

Regards.
[17 Feb 2012 1:28] timz ttii 
Excellent! Thank you!