A while ago I posted a message regarding an ASP.NET (.NET 2.0) webstie I am working on for a client, which utilizes the Membership API. The problem was that a seemingly random contingent of the 400+ users are having password change/reset problems. Apparently the users change their passwords, and then after a period of time their login magically stops working.
The obvious answer is that the users making typos. Since I was using asymmetric encryption (and it's way too late to back out of that) in the Membership API, I added a mid-level plain-text data capture that captures all users' login/password-related data input into a table with the user's unique ID, timestamp, and summary of the action being performed -- essentially an audit log.
Through that log I have been able to verify the users are NOT making typos. In the most recent instance, I used the audit log to attempt to log in as the user myself using all passwords that had been associated with the account. NONE of the passwords seem to be valid.
Has anybody ever heard of the Membership API magically losing and/or corrupting passwords? Does anyone have any idea what could be causing this?
Thanks for your help.