在共享 ASP.Net 成员资格表 Web 应用程序中使密码大小写不敏感
我有两个共享 ASP.Net 成员资格表的网络应用程序。
一切工作正常,除了我无法像在另一个应用程序中那样删除其中一个应用程序中的区分大小写。
在非工作应用程序中
void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
string username = Login1.UserName.Trim();
if (!string.IsNullOrEmpty(username))
{
MembershipUser user = Membership.GetUser(username);
if (user != null)
{
// Only adjust the UserName if the password is correct. This is more secure
// so a hacker can't find valid usernames if we adjust the case of mis-cased
// usernames with incorrect passwords.
string password = Login1.Password.ToUpper();
if (Membership.ValidateUser(user.UserName, password))
{
Login1.UserName = user.UserName;
}
}
}
}
不起作用。密码存储为全大写。在创建会员用户时转换!
因此,如果密码是 PASSWORD,则输入 PASSWORD 可以让我进行身份验证。但输入密码却不行!即使我可以看到发送的字符串是 PASSWORD (使用 toUpper() 转换的)。
我对此完全不知所措。在另一个应用程序中,我可以输入较低或较高或混合的内容,并且我能够进行身份验证。在另一个应用程序中,我没有使用登录控件中的文本框..不确定这是否会产生影响?
i have two webapps.. that share ASP.Net membership tables.
Everything works fine except i cannot remove case-sensitivity in one of the apps the way i am doing it in the other.
in the non-working app
void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
string username = Login1.UserName.Trim();
if (!string.IsNullOrEmpty(username))
{
MembershipUser user = Membership.GetUser(username);
if (user != null)
{
// Only adjust the UserName if the password is correct. This is more secure
// so a hacker can't find valid usernames if we adjust the case of mis-cased
// usernames with incorrect passwords.
string password = Login1.Password.ToUpper();
if (Membership.ValidateUser(user.UserName, password))
{
Login1.UserName = user.UserName;
}
}
}
}
is not working. the password is stored as all upper case. Converted at the time the membership user is created!
So if the password is PASSWORD, typing PASSWORD allows me to authenticate. but typing password does not! Even though i can see the string being sent is PASSWORD (converted with toUpper()).
I am at a complete loss on this.. in the other app i can type in lower or upper or mixed and i am able to authenticate. In the other app i am not using the textboxes from the login control though.. not sure if this is making the difference??
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您只是使用密码验证用户,而不是让他们登录,这发生在该过程的后期阶段。
验证 ucased 密码后,请在更新用户名的同一位置使用 ucased 密码更新 Login1 的密码文本框。
我似乎记得密码是只读的,所以你需要使用类似这样的东西:
这应该会给你你正在寻找的结果。
You are simply validating the user with the ucased password, you are not logging them in, this happens in a later stage of the process.
once you verify the ucased password, update the Login1's password textbox with the ucased password in the same place you are updating the username.
I seem to recall that password is readonly so you will need to use something like this:
That should give you the results that you are looking for.