Currently Web Services can be logged in (in Windows) and the user ID case is irrelevant. However, when then using a subsequent service, the case of the userID is required to match that in the user ID field in the Contact record. Why this is like this is understood - logins when using Windows is case insensitive (whereas in Unix it would be case sensitive). However, the subsequent calls rely on the case of the user ID.
The suggestion is to replace the userID provided on login with the data from the contact record once the login is validated. In that way, in all cases, case sensitivity will be preserved.
An option would be to only allow case sensitive logins, but that would be inconsistent in the Windows environment.