Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: MySQLMembershipProvider

Question

I have this setting:

<membership>
      <providers>
        <remove name="AspNetSqlMembershipProvider" />
        <add connectionStringName="ODDConnectionString" enablePasswordRetrieval="false" 
        enablePasswordReset="true" requiresQuestionAndAnswer="false" 
        applicationName="PowerDETAILS" requiresUniqueEmail="false" 
        passwordFormat="Hashed" maxInvalidPasswordAttempts="5" 
        passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="6" 
        minRequiredNonalphanumericCharacters="0" name="AspNetSqlMembershipProvider" 
        type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

and my WebSite is running over .Net 4.7 in Azure. So I am getting the error:

<EventData>
<Data>3008</Data><Data>A configuration error has occurred.</Data><Data>2/13/2018 12:30:25 PM</Data><Data>2/13/2018 12:30:25 PM</Data><Data>3a0ffc7b9f2d4fd2ad953a30ee5a9c72</Data><Data>5</Data><Data>1</Data><Data>0</Data><Data>/LM/W3SVC/1252528142/ROOT-1-131629985115748797</Data><Data>Full</Data><Data>/</Data><Data>D:\home\site\wwwroot\</Data><Data>RD0003FF8196EA</Data><Data/><Data>17572</Data><Data>w3wp.exe</Data><Data>IIS APPPOOL\prod-tampa-power-details</Data><Data>ConfigurationErrorsException</Data><Data>Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: MySQLMembershipProvider. The obsoleted password format is: Clear. For more information, see https://go.microsoft.com/fwlink/?linkid=834784. </Data><Data>https://tampa.powerdetails.com:443/Login.aspx?ReturnUrl=/Secure/HomeAdmin.aspx</Data><Data>/Login.aspx</Data><Data>198.199.209.76</Data><Data/><Data>False</Data><Data/><Data>IIS APPPOOL\prod-tampa-power-details</Data><Data>32</Data><Data>IIS APPPOOL\prod-tampa-power-details</Data><Data>False</Data><Data> </Data>
</EventData>
</Event>

I check all information in Microsoft Help Link, but I do not know what could be wrong?

Answer 1

I had the same error on one of my sites. Eventually I opened up IIS Manager and looked at the connection strings for the site and saw that MySQL was in the list there even though it was not in the web.config. I tracked that down to it being in the machine.config file so the site was inheriting that connection. In Programs and Features I found a program for MySQL and uninstalled it. That fixed it for me. This may not be an option for you, but hoping it may help someone else.

Answer 2

I had a similar error appear after transferring azure site to a new server/resource.

It turned out that somehow I got part of my SQL connection in web.config string miss typed from usual ... providerName="System.Data.SqlClient" ... to one with additional "t" at the end ... providerName="System.Data.SqlClientt"

It is a bit strange how it got a MYSQL Membership provider errror in log files though..

Answer 3

passwordFormat="[Clear|Hashed|Encrypted]"

Storage format for the password:

• Hashed (SHA1)
• Clear
• Encrypted (Triple-DES)

Answer 4

In case anyone else gets this issue,

Connection string issues appear to be the main cause of this, which I assume makes the app fall back to using the next available membership provider.

After some digging, The MySQLMembershipProvider originated from machine.config, which was indeed set up with passwordFormat="Clear".

To fix that, I added this to web.config:

  <system.web>
    <membership>
       <providers>
           <remove name="MySQLMembershipProvider" />
        </providers>
    </membership>
  </system.web>

Note: I wasn't using a custom membership provider, but if there is one you will probably want to run <clear /> just before <add ... />