Welcome to WebmasterWorld Guest from 18.206.16.123

Forum Moderators: ocean10000

Message Too Old, No Replies

asp:Login Problem

     
6:57 pm on May 16, 2009 (gmt 0)

New User

10+ Year Member

joined:Mar 13, 2009
posts: 5
votes: 0


Hello,

I am making a web site with master page in C#. I used membership, Roles and Profile.

I am using asp:Login, when I log in it doesn’t match the exact UserName in my database and lets me in the application for example the UserName in my database is “Admin” but it aslo logs me in if I enter “admin” or “adMIN” or “AdMin”. How can I fix this that whatever value I have in the database it should exactly match the value for example if I have “Admin” in my database, the application should only let me in if I enter “Admin” in the asp:Login

8:44 am on May 17, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 1, 2005
posts:733
votes: 0


I can't imagine why anyone would want this, as it is standard procedure for the login name not to be case sensitive.

Try it yourself, log in to windows, or even WebmasterWorld with your user name in all caps for example, you'll see that it makes no difference.

It would most likely be possible to roll your own membership functionality to achieve this, but to be honest, it sounds like a lot of work which will probably just annoy your users

1:45 pm on May 17, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 15, 2003
posts:2640
votes: 5


I can't imagine why anyone would want this, as it is standard procedure for the login name not to be case sensitive.

Well security for one. The more chars you allow to build a user name then the harder it is to crack.

Login names should always be case sensitive imo.

4:37 pm on May 17, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

joined:Jan 14, 2004
posts:864
votes: 3


As a software designer you have to pick a balancing act between security and usability here. I would error on the usability side of things in this case.

I personally feel having non case sensitive usernames saves me few gray hairs. Saves on the tech support issues. And duplicated usernames where the user signs up many times with the same username, just different upper and lower case variations.

At the vary least you want to make sure the username can only be used once no mater the upper and lower case variations. This will allow you in the future undo the case sensitive requirement without having to change peoples usernames.

[edited by: Ocean10000 at 4:40 pm (utc) on May 17, 2009]

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members