I am building an ASP.NET MVC4 Internet website using Visual Studio 2012.
VS2012 generated a template website by default, with SimpleMembership implemented.
The SimpleMembership feature is quite convenient, except that there is one thing very confusing to me:
For example, I create a user account, with the user name say "Miles", and then login using the name "Miles", everything is fine. Then I logout and login using the name "miles" (all lower case), the login is also successful, however, the user name reads "miles". To be more specific, the value of User.Identity.Name is "miles", instead of "Miles" in the database.
Likewise, I can use "miLes", "mILes", "MILES", etc. to login, and the user name will be the same. The common sense is that if the authentication is case-insensitive, the user name should be exactly the same as the one in database, in my case "Miles", not as what I type in the login textbox.
Does anyone know how to solve this problem? Thanks!
In your AccountController you probably see something like this by default:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid && WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
    {
        return RedirectToLocal(returnUrl);
    }
    // If we got this far, something failed, redisplay form
    ModelState.AddModelError("", "The user name or password provided is incorrect.");
    return View(model);
}
WebSecurity.Login() is called (passing in the exact string on the model that you typed in your form).
If you look at the source code of WebSecurity.cs you'll see that FormsAuthentication.SetAuthCookie() is called (again, still passing the exact typed string). Before this method actually sets the cookie in the response, it executes GetAuthCookie(), still passing in the exact string you typed when logging in.
This method actually builds out the authentication HttpCookie object once again using the data you typed in.
If you need the name to match exactly what's in your database, then you need to query for the record from the database and pass that value into WebSecurity.Login().
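One way to do what the last paragraph describes, as an added example that is not part of the original answer. It assumes the `UsersContext` and `UserProfile` classes that the MVC4 Internet template generates in AccountModels.cs; `GetCanonicalUserName` is a hypothetical helper name.

```csharp
// Replaces the Login action in AccountController (the template's existing
// using directives, including System.Linq, are assumed to be in place).
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult Login(LoginModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        // Resolve the typed name to the spelling stored in the database.
        // If no row matches, fall back to the typed name so that
        // WebSecurity.Login still runs and fails the same way it did before:
        // an unknown user and a wrong password give the same response.
        string loginName = GetCanonicalUserName(model.UserName) ?? model.UserName;

        if (WebSecurity.Login(loginName, model.Password, persistCookie: model.RememberMe))
        {
            // The auth cookie now carries the stored spelling, so
            // User.Identity.Name reads "Miles" on later requests.
            return RedirectToLocal(returnUrl);
        }
    }

    // If we got this far, something failed, redisplay form
    ModelState.AddModelError("", "The user name or password provided is incorrect.");
    return View(model);
}

// Hypothetical helper: returns the user name exactly as stored, or null
// when no profile matches. Assumes the template's UsersContext/UserProfile.
private static string GetCanonicalUserName(string typedName)
{
    if (string.IsNullOrWhiteSpace(typedName))
    {
        return null;
    }

    string lowered = typedName.ToLower();
    using (var db = new UsersContext())
    {
        // Case-insensitive match in the query itself, independent of the
        // database collation; only the stored UserName column is selected.
        return db.UserProfiles
                 .Where(u => u.UserName.ToLower() == lowered)
                 .Select(u => u.UserName)
                 .FirstOrDefault();
    }
}
```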