Remove case sensitivity from FormsAuthentication.Authenticate of user name/password

Question

The below code and the config works fine, but force to enter user name/password case sensitively, i want to make it non case sensitive.

Code:

protected void LoginButton_Click(object sender, EventArgs e)
        {
            try
            {
                string uid = UserText.Text.Trim();
                string pwd= PwdText.Text.Trim();

                if (string.IsNullOrEmpty(uid) ||
                    string.IsNullOrEmpty(pwd))
                {
                    throw new ApplicationException("UserName or Password should not be blank.");
                }

                bool isAuthrnticated = FormsAuthentication.Authenticate(uid, pwd);

                if (isAuthrnticated)
                {
                    FormsAuthentication.SetAuthCookie("Admin", false);

                    //...
                }
                else
                {
                    ((Site)this.Master).ShowError("Invalid UserName/Password.", ErrorSeverity.Warning);
                }
            }
            catch (Exception ex)
            {
                ErrorLogger.LogError(ex);
                ((Site)this.Master).ShowError(ex.Message, ErrorSeverity.Warning);
            }
        }

Web.Config

<authentication mode="Forms">
  <forms defaultUrl="~/Default.aspx" loginUrl="~/Default.aspx" slidingExpiration="true" timeout="1000">
    <credentials passwordFormat="Clear">
      <user name="Admin" password="ZAdmin"/>
    </credentials>
  </forms>
</authentication>

Answer 1

When you store the username and password, instead of storing them as-is, call ToUpper() on them first. Then do the same thing to the strings you pass in to FormsAuthentication.Authenticate(). That way, both will have been converted to all-uppercase versions before comparing, rendering case irrelevant.

Answer 2

By default, usernames are not case sensetive and passwords are. The easiest way to do this is when they register, change both un and pw to either ToUpper() or ToLower() and then when you are authenticating, do the same to whatever they enter.

string uid = UserText.Text.Trim().ToUpper();
string pwd= PwdText.Text.Trim().ToUpper();

Answer 3

Set collations of your database so you do not need to keep track of case sensitivity http://sqlserver2000.databases.aspfaq.com/how-can-i-make-my-sql-queries-case-sensitive.html