I know this looks similar to other questions here but I don't think my case is the same as theirs.

I have a website that uses the AspNetSqlMembershipProvider to validate users. I would like to use the same database from a console application. According to several articles on the web I can use the System.Web.Security.Membership class from outside ASP.NET by copying the appropriate sections from web.config to app.config. That is what I did.

My console appliction can get the user with the requested name and I can confirm that the user is approved and is not locked out but ValidateUser returns false for a correct username and password pair.

I have found articles where people have had trouble with migrating code which may be due to a machine key mismatch but have also found a reference saying that machine key is only used if the passwordFormat property equals encrypted whereas I am using hashed.

Is the issue that the two pieces of code - the website and the console app - are in different assemblies and the assembly name or other property is being used during password hashing? In both cases the application name property is set to /.

Should I continue with this approach or just access the database directly and hash the password myself?

Have a look at this article:

http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm

Adding the membership configuration settings in your app.config may help.

Hope it helps!

It turns out that the original author of the website code - who was not me - converted the entered password to upper case before using it. As I didn't know this and my console application didn't do so ValidateUser was correctly reporting that the passwords did not match.