Make password case unsensitive in shared ASP.Net membership tables web ap
Posted
by bill
on Stack Overflow
See other posts from Stack Overflow
or by bill
Published on 2010-05-31T22:10:49Z
Indexed on
2010/05/31
22:13 UTC
Read the original article
Hit count: 209
asp.net-membership
Hi all, i have two webapps.. that share ASP.Net membership tables.
Everything works fine except i cannot remove case-sensitivity in one of the apps the way i am doing it in the other.
in the non-working app
void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
string username = Login1.UserName.Trim();
if (!string.IsNullOrEmpty(username))
{
MembershipUser user = Membership.GetUser(username);
if (user != null)
{
// Only adjust the UserName if the password is correct. This is more secure
// so a hacker can't find valid usernames if we adjust the case of mis-cased
// usernames with incorrect passwords.
string password = Login1.Password.ToUpper();
if (Membership.ValidateUser(user.UserName, password))
{
Login1.UserName = user.UserName;
}
}
}
}
is not working. the password is stored as all upper case. Converted at the time the membership user is created!
So if the password is PASSWORD, typing PASSWORD allows me to authenticate. but typing password does not! Even though i can see the string being sent is PASSWORD (converted with toUpper()).
I am at a complete loss on this.. in the other app i can type in lower or upper or mixed and i am able to authenticate. In the other app i am not using the textboxes from the login control though.. not sure if this is making the difference??
© Stack Overflow or respective owner