Sweetie

Reputation: 1368

String comparisons while getting passwords

I'm going to ask a very basic question, but I'm getting this problem and I don't understand why it is happening. Usually when we compare two strings like s1==s2, it compares length, characters, case, etc., but while working in LINQ with the following query it is not matching the case of the string. My DB has Password123, but when I enter password123 it still returns a record, which is actually wrong. My query is:

var row = DB.tbllogin.Where(m => m.Id == LoginId && m.Password == pwd.Trim()).FirstOrDefault();

It is not matching the case. The field in the DB is of nvarchar type and pwd is of string type, and I am using the Entity Framework ORM.

Upvotes: 2

Views: 301

Answers (1)

Jon Skeet

Reputation: 1503140

The problem is that the comparison is being performed in SQL - I suspect if you execute the same query in SQL Studio, you'll get the same result.

One fix would be to change the database collation to be case-sensitive; it's not clear whether you can do this directly in LINQ itself. (It's one of those cases where the details are leaking through the abstraction.)

However, a better solution for this specific case would be to not store your passwords in plaintext to start with. It's horribly insecure. You should be storing a hash using something like bcrypt. See Jeff Atwood's blog post on the topic for more details.

Upvotes: 5
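
An added example, not part of either post: one way to apply the answer's advice in C#, fetching the row by Id only and verifying a salted hash in application code, so the database collation never takes part in the password comparison. It uses PBKDF2 from the .NET base library (.NET 6 or later) in place of bcrypt so that it runs without a third-party package; `LoginRow`, `PasswordCheck`, the iteration count and the in-memory list standing in for `DB.tbllogin` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical row shape: the plaintext Password column becomes salt + hash.
record LoginRow(int Id, byte[] Salt, byte[] PasswordHash);

static class PasswordCheck
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware
    const int HashBytes = 32;

    // Called at registration or password change: fresh random salt per user.
    public static LoginRow Create(int id, string pwd)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return new LoginRow(id, salt, Derive(pwd, salt));
    }

    static byte[] Derive(string pwd, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(pwd, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    // The query filters on Id only; the password is never compared in SQL.
    public static bool Verify(IQueryable<LoginRow> logins, int loginId, string pwd)
    {
        var row = logins.FirstOrDefault(m => m.Id == loginId);
        if (row is null) return false;
        // Byte-wise, constant-time comparison: case differences change the hash.
        return CryptographicOperations.FixedTimeEquals(Derive(pwd, row.Salt), row.PasswordHash);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data; an in-memory list stands in for DB.tbllogin.
        var logins = new List<LoginRow> { PasswordCheck.Create(1, "Password123") }.AsQueryable();

        Console.WriteLine(PasswordCheck.Verify(logins, 1, "Password123")); // exact case
        Console.WriteLine(PasswordCheck.Verify(logins, 1, "password123")); // wrong case
        Console.WriteLine(PasswordCheck.Verify(logins, 2, "Password123")); // unknown Id
    }
}
```

Against a real Entity Framework context the same `Verify` body applies, with the salt and hash stored in binary columns.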
