Usernames should be case insensitive

Status: Beta

Brought to you by: egroise

#44 Usernames should be case insensitive

Status: open

Owner: Eric GROISE

Labels: Security (3)

Priority: 5

Updated: 2004-03-11

Created: 2004-03-11

Creator: Robert Brinton

Private: No

If you are using windows authentication, windows
treats 'ibcodin' and 'IBCodin' as the same user.

If you are using forms authentication, the idea
that 'mouse', 'Mouse' and 'mouSe' are three different
users gives me a headache.

Discussion

Yann Schwartz - 2004-03-18

Logged In: YES
user_id=785251

I'm currently working on the XML and CONFIG authentication
modes. These issues should be worked out this week-end.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Robert Brinton - 2004-03-24

Logged In: YES
user_id=135065

I have currently patched my sources in the following places,
adding toLower() before strings are compared.

wiki.cs:
if ( currentPage.ownedBy == User.Identity.Name)
-to-
if ( currentPage.ownedBy.ToLower() ==
User.Identity.Name.ToLower())

wikiedit.aspx.cs
User.Identity.Name == currentPage.ownedBy
-to-
User.Identity.Name.ToLower() ==
currentPage.ownedBy.ToLower()

user != currentPage.ownedBy
-to-
user.ToLower() != currentPage.ownedBy.ToLower()

WikiLogin.aspx.cs
(I made a .ToLower() change in this file too)

_WikiUserSettings.cs
(If usernames are case insensitive, administrator selection
should be too.)

(I think that is all of them...let me know if I missed any)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.