Click here to Skip to main content
15,567,221 members
Please Sign up or sign in to vote.
1.00/5 (3 votes)
See more:
Hello..

I have a login page in asp.net c# which contains two textfields
Username :
Password :

In my database, i have stored username and password as
admin and admin respectively in lowercase..


When i enter the username as admin and password as admin in the textfields...
It successfully logs in

However i tried entering
Username as ADMIN
And
Password as ADMIN

In Capslock i.e.
It still successfully logged in...

I want that the case entered in the textfields should match with that of the username and password stored in Database

How do i make username and password as case sensitive..

What I have tried:

My Login.aspx.cs page has the following code

C#
protected void Loginbtn_Click(object sender, EventArgs e)
   {
       con.Open();

           SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username='" + username.Text + "' AND admin_password='" + Password.Text + "'", con);
           int a = Convert.ToInt32(cmd.ExecuteScalar());

           SqlCommand cmd1 = new SqlCommand("SELECT admin_id FROM NEWADMIN WHERE admin_username='" + username.Text + "'", con);
           Session["admin_id"] = cmd1.ExecuteScalar();
           if (a >= 1)
           {
               Response.Redirect("Homepage.aspx");
           }

       con.Close();




   }
Posted
Updated 3-Apr-17 10:58am
v2
Comments
Michael_Davies 3-Apr-17 2:27am    
We cannot tell what is happening, show the code in question.
Mrunal Pawar 3-Apr-17 14:05pm    
hello..
I have included the code in the question.
Please do tell me what to do
Thanks
ZurdoDev 3-Apr-17 7:44am    
There is no way for us to know since we can't see your code. If your password is stored in plain text like that then just use a SQL collation statement to enforce case sensitivity.
Mrunal Pawar 3-Apr-17 14:08pm    
I read about this solution to change the collation in sql server, but i did not understand how to do it..
how should i use SQL collation statement to enforce case sensitivity.
Thanks in advance
ZurdoDev 3-Apr-17 14:10pm    
SELECT Column1
FROM Table1
WHERE Column1 COLLATE Latin1_General_CS_AS = 'casesensitivesearch'

There are several things you can do.
1. Follow the guidance from @RyanDev, use Case Sensitive collation to compare the string.
C#
SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username COLLATE Latin1_General_CS_AS='" + username.Text + "' AND admin_password COLLATE Latin1_General_CS_AS='" + Password.Text + "'", con);

How to do a case sensitive search in WHERE clause (I'm using SQL Server)? - Stack Overflow[^]

Once you got #1 to work, your coding spirit will rise, and start to explore the following.

2. Alter the table change the collation of the column(s)

SQL SERVER - Collate - Case Sensitive SQL Query Search - Journey to SQL Authority with Pinal Dave[^]

3. Use Parameterized Query in the code to minimize SQL injection possibility

How to: Execute a Parameterized Query[^]

4. Respect the user data. Follow the suggestion from @hdnjith, encrypt/hash the password

Salted Password Hashing - Doing it Right[^]
 
Share this answer
 
v3
Most probably you may have to change the way that you saving your username/password.
have you use any password encryption method? if no try below,

create a column in your table to store password and set its data type to varbinary(500)

if you are using stored procedure to save your data you can save password by encrypting like below,

SQL
DECLARE @Plaintext nvarchar(500)
SET @Plaintext = @in_Password
set @Plaintext = HashBytes('MD5', @Plaintext)


@in_Password is the password field that you provide. and insert it as

SQL
INSERT INTO Users
           (Password)
     VALUES
           (@Plaintext)

OR

SQL
INSERT INTO Users
           (Password)
     VALUES
           (HashBytes('MD5', @in_Password)


in user login event compare password as

SQL
SELECT * FROM User
WHERE UserName=@UserName
AND password=HashBytes('MD5', @password)
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900