I start by adding a machinekey to the web.config with the keys from my existing application....but after I do this, my admin password in YAF still worked (I would expect it to fail), implying that the machinekey is not used in the hashing algorithm?? Is this true?
I then attempted to copy a known password and password hash from the existing application into the YAF membership table, assuming that like many other asp.net membership based applications that all I need is the machinekey, salt and password hash in order to log in....this didn't work.
How can I migrate existing membership users with hashed passwords?
Secondly, you don't need to do any migration. YAF will use your existing membership and password... NO QUESTIONS OR PASSWORD HASHES ASKED.
Why? Because ASP.NET is provider: it provides user and roles to YAF.NET. YAF.NET does not care HOW or WHY. It just asks the membership: is someone logged it? Who? Can you log them in? Etc.
The membership is a distinct and separate part. What's the point? So that all applications and systems have a "standard" to work with in regards to users.
Let's stop over thinking membership already.... :roll:
Your first point about not hashing passwords is what? That the membership provider uses a proprietary "encryption" algorithm, fine. If I need to I will pull down source and figure out what non-standard encryption or hashing is happening there.
Second, there are several questions about integration and the YAF membership in your own forum. This would imply that the documentation on how to accomplish a migration (yes, I've read them) is lacking. There have been a few good attempts at documentation by users, but mostly through the FORUM. The WIKI is not clear on how to accomplish an integration or migration. You're right, membership is simple, properly document the proprietary stuff YAF is doing (so source isn't required), how to integrate properly with YAF, and how to migrate from an existing application....and you won't get what you apparently feel are repetitive questions.
Please don't take these comments in any other form than they are intended....as constructive criticism.