Make password case unsensitive in shared ASP.Net membership tables web ap

Posted by bill on Stack Overflow See other posts from Stack Overflow or by bill
Published on 2010-05-31T22:10:49Z Indexed on 2010/05/31 22:13 UTC
Read the original article Hit count: 182

Filed under:

asp.net-membership

Hi all, i have two webapps.. that share ASP.Net membership tables.

Everything works fine except i cannot remove case-sensitivity in one of the apps the way i am doing it in the other.

in the non-working app

void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    string username = Login1.UserName.Trim();
    if (!string.IsNullOrEmpty(username))
    { 
        MembershipUser user = Membership.GetUser(username);
        if (user != null)
        {
            // Only adjust the UserName if the password is correct.  This is more secure
            // so a hacker can't find valid usernames if we adjust the case of mis-cased
            // usernames with incorrect passwords.
            string password = Login1.Password.ToUpper();
            if (Membership.ValidateUser(user.UserName, password))
            { 
                Login1.UserName = user.UserName;
            }
        }
    }
}

is not working. the password is stored as all upper case. Converted at the time the membership user is created!

So if the password is PASSWORD, typing PASSWORD allows me to authenticate. but typing password does not! Even though i can see the string being sent is PASSWORD (converted with toUpper()).

I am at a complete loss on this.. in the other app i can type in lower or upper or mixed and i am able to authenticate. In the other app i am not using the textboxes from the login control though.. not sure if this is making the difference??

Related posts about asp.net-membership

Using the string resources of ASP.NET membership provider in a custom control

as seen on Stack Overflow - Search for 'Stack Overflow'
I have the request to build a custom control for ASP.NET membership. The control is somewhat special. So I can’t inherit from a built-in control. Is there an elegant way to access the string resources of ASP.NET membership provider to use them in custom controls? Creating for example CreateUserWizard… >>> More
Asp.Net membership via ASP.NET Website Administrator Tool

as seen on Stack Overflow - Search for 'Stack Overflow'
I created a database with aspnet_regsql, the database was created in sql sever 2008 and not in data folder in my project (do I need to move it to the folder manually?). Next, in Web Site Administration Tool I went to provider section and clicked don Test button. I got an error: Could not establish… >>> More
Avoid concurrent login (logout former login session) in ASP.net membership

as seen on Stack Overflow - Search for 'Stack Overflow'
I am learning the ASP.net membership feature. I am wondering how I can implement so that later login session logout former login session to avoid concurrent login. I know how to check whether the user is online (by Membership.IsOnline()) and logout the current user (by FormsAuthentication.SignOut())… >>> More
ASP.NET Membership with two providers cant use GetAllUsers method

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm using two membership providers. When I declared a following statement Dim allUsers As MembershipUserCollection = Membership.Providers("CustomSqlRoleManager").GetAllUsers Then, it gave me this error message. Argument not specified for paramenter 'totalRecords' of 'Public MustOverride… >>> More
How to set up asp.net membership with a web application instead of a web project

as seen on Stack Overflow - Search for 'Stack Overflow'
Originally the site was set up using a Website project which ended up not working for various reasons. I'm trying to make it work as a web application project and have started from the ground up with a new project. I have looked online and not found a good resource that explains some of the "simple"… >>> More

Developer IT