I know this looks similar to other questions here but I don't think my case is the same as theirs.
I have a website that uses the AspNetSqlMembershipProvider to validate users. I would like to use the same database from a console application. According to several articles on the web I can use the System.Web.Security.Membership class from outside ASP.NET by copying the appropriate sections from web.config to app.config. That is what I did.
My console appliction can get the user with the requested name and I can confirm that the user is approved and is not locked out but ValidateUser returns false for a correct username and password pair.
I have found articles where people have had trouble with migrating code which may be due to a machine key mismatch but have also found a reference saying that machine key is only used if the passwordFormat property equals encrypted whereas I am using hashed.
Is the issue that the two pieces of code - the website and the console app - are in different assemblies and the assembly name or other property is being used during password hashing? In both cases the application name property is set to /.
Should I continue with this approach or just access the database directly and hash the password myself?