Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > REPOST: bug in Forms Authentication

Reply
Thread Tools

REPOST: bug in Forms Authentication

 
 
Tim_Mac
Guest
Posts: n/a
 
      11-12-2008
hi, i tried posting this last month but got no takers, trying again!

i have a minor problem where some users log in with capital letters
for their username, which looks bad when displayed on screen and also
causes discrepancies in some user activity logs maintained in the
database, e.g. "JOE BLOGGS Login" and "Joe Bloggs Login". in an
attempt to standardise the username case, i tried to read the correct
username from the database, this code used to work fine:

protected void Login1_LoggedIn(object sender, EventArgs e)
{
// find the Membership User
MembershipUser u = Membership.GetUser(this.Login1.UserName);
if(u == null)
throw new Exception("Could not locate user account for
" +
this.Login1.UserName);

// use the correct username case (from the aspnetdb database)
for the
login cookie
FormsAuthentication.SetAuthCookie(u.UserName, true);

}

but there seems to be a behaviour change since asp.net 3.5, this code
no longer works as expected, Membership.Username now returns the same
case as was submitted by the user, so the Username property is
actually not coming from the database at all. surely this can't be
'by design'?? can anyone confirm if this is a bug, and/or suggest a
workaround?
many thanks
tim
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms authentication - Multiple login forms based on directory acc Keltex ASP .Net Security 1 01-24-2006 03:06 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM
Forms Authentication, external authentication server, & rerouting to orig. req. URL Andrew Connell ASP .Net 1 10-21-2003 05:41 PM



Advertisments