Make password case insensitive in shared ASP.Net membership tables web ap

Posted by bill on Stack Overflow
Published on 2010-05-31T22:10:49Z Indexed on 2010/05/31 22:13 UTC

Hi all, I have two web apps that share ASP.Net membership tables.

Everything works fine except I cannot remove case-sensitivity in one of the apps the way I am doing it in the other.

In the non-working app

void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    string username = Login1.UserName.Trim();
    if (!string.IsNullOrEmpty(username))
    { 
        MembershipUser user = Membership.GetUser(username);
        if (user != null)
        {
            // Only adjust the UserName if the password is correct.  This is more secure
            // so a hacker can't find valid usernames if we adjust the case of mis-cased
            // usernames with incorrect passwords.
            string password = Login1.Password.ToUpper();
            if (Membership.ValidateUser(user.UserName, password))
            { 
                Login1.UserName = user.UserName;
            }
        }
    }
}

is not working. The password is stored as all upper case, converted at the time the membership user is created!

So if the password is PASSWORD, typing PASSWORD allows me to authenticate, but typing password does not! Even though I can see the string being sent is PASSWORD (converted with ToUpper()).

I am at a complete loss on this. In the other app I can type in lower or upper or mixed case and I am able to authenticate. In the other app I am not using the textboxes from the login control though. Not sure if this is making the difference?
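
An added example, not part of the original post: the Login control raises Authenticate after LoggingIn and, when no handler is attached to it, validates the password exactly as it was typed, so upper-casing only inside LoggingIn does not change the final check. The sketch below does the normalization in an Authenticate handler instead; the page class name `LoginPage` and the markup wiring shown in the comment are assumptions.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind class; the name LoginPage is an assumption.
// Assumed markup wiring:
//   <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" />
public partial class LoginPage : Page
{
    // When a handler is attached to Authenticate, the control uses
    // e.Authenticated as the result instead of calling the membership
    // provider itself with the raw, un-normalized password.
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Fail closed: every early return below leaves the user unauthenticated.
        e.Authenticated = false;

        Login login = (Login)sender;
        string username = login.UserName.Trim();
        if (string.IsNullOrEmpty(username))
            return;

        MembershipUser user = Membership.GetUser(username);
        if (user == null)
            return;

        // Assumption: this must be the same conversion that was applied when
        // the password was set. The invariant culture keeps the result
        // independent of the server's locale settings.
        string password = login.Password.ToUpperInvariant();

        if (Membership.ValidateUser(user.UserName, password))
        {
            // As in the post: adopt the stored casing of the user name only
            // after the password has been verified.
            login.UserName = user.UserName;
            e.Authenticated = true;
        }
    }
}
```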
