Login page capslock error case insensitive

Question

1.00/5 (3 votes)

See more:

Hello..

I have a login page in asp.net c# which contains two textfields
Username :
Password :

In my database, i have stored username and password as
admin and admin respectively in lowercase..

When i enter the username as admin and password as admin in the textfields...
It successfully logs in

However i tried entering
Username as ADMIN
And
Password as ADMIN

In Capslock i.e.
It still successfully logged in...

I want that the case entered in the textfields should match with that of the username and password stored in Database

How do i make username and password as case sensitive..

What I have tried:

My Login.aspx.cs page has the following code

C#

protected void Loginbtn_Click(object sender, EventArgs e)
   {
       con.Open();

           SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username='" + username.Text + "' AND admin_password='" + Password.Text + "'", con);
           int a = Convert.ToInt32(cmd.ExecuteScalar());

           SqlCommand cmd1 = new SqlCommand("SELECT admin_id FROM NEWADMIN WHERE admin_username='" + username.Text + "'", con);
           Session["admin_id"] = cmd1.ExecuteScalar();
           if (a >= 1)
           {
               Response.Redirect("Homepage.aspx");
           }

       con.Close();




   }

Posted 2-Apr-17 18:55pm

Mrunal Pawar

Updated 3-Apr-17 9:58am

v2

Add a Solution

Comments

Michael_Davies 3-Apr-17 2:27am

We cannot tell what is happening, show the code in question.

Mrunal Pawar 3-Apr-17 14:05pm

hello..
I have included the code in the question.
Please do tell me what to do
Thanks

ZurdoDev 3-Apr-17 7:44am

There is no way for us to know since we can't see your code. If your password is stored in plain text like that then just use a SQL collation statement to enforce case sensitivity.

Mrunal Pawar 3-Apr-17 14:08pm

I read about this solution to change the collation in sql server, but i did not understand how to do it..
how should i use SQL collation statement to enforce case sensitivity.
Thanks in advance

ZurdoDev 3-Apr-17 14:10pm

SELECT Column1
FROM Table1
WHERE Column1 COLLATE Latin1_General_CS_AS = 'casesensitivesearch'

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Bryian Tan · Accepted Answer · 2017-04-03T09:58:00

There are several things you can do.
1. Follow the guidance from @RyanDev, use Case Sensitive collation to compare the string.

C#

SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM NEWADMIN WHERE admin_username COLLATE Latin1_General_CS_AS='" + username.Text + "' AND admin_password COLLATE Latin1_General_CS_AS='" + Password.Text + "'", con);

How to do a case sensitive search in WHERE clause (I'm using SQL Server)? - Stack Overflow[^]

Once you got #1 to work, your coding spirit will rise, and start to explore the following.

2. Alter the table change the collation of the column(s)

SQL SERVER - Collate - Case Sensitive SQL Query Search - Journey to SQL Authority with Pinal Dave[^]

3. Use Parameterized Query in the code to minimize SQL injection possibility

How to: Execute a Parameterized Query[^]

4. Respect the user data. Follow the suggestion from @hdnjith, encrypt/hash the password

Salted Password Hashing - Doing it Right[^]

Nayanajith Karunarathna · Accepted Answer · 2017-04-02T20:29:00

Most probably you may have to change the way that you saving your username/password.
have you use any password encryption method? if no try below,

create a column in your table to store password and set its data type to varbinary(500)

if you are using stored procedure to save your data you can save password by encrypting like below,

SQL

DECLARE @Plaintext nvarchar(500)
SET @Plaintext = @in_Password
set @Plaintext = HashBytes('MD5', @Plaintext)

@in_Password is the password field that you provide. and insert it as

SQL

INSERT INTO Users
           (Password)
     VALUES
           (@Plaintext)

OR

SQL

INSERT INTO Users
           (Password)
     VALUES
           (HashBytes('MD5', @in_Password)

in user login event compare password as

SQL

SELECT * FROM User
WHERE UserName=@UserName
AND password=HashBytes('MD5', @password)

Login page capslock error case insensitive

2 solutions

Solution 2

Solution 1

Add your solution here

Preview 0