Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

users table: password is encrypted , how to verify username and password in stored procedure

Posted on 2010-08-12
3
Medium Priority
?
370 Views
Last Modified: 2012-06-27
hi, i need to write a stored procedure which would authenticate the username and password with the users table.

the users table's password field is encrypted
the users table looks like this:
UserID(decimal), UserName(nvarchar),Password(varbinary(Max))

 


this is what i tried, but it does not work

CREATE PROCEDURE sproc_Authenticate
(
@UserName varchar(50),
@Password  varchar(50),
@Ret int OUTPUT
)
WITH ENCRYPTION
as

 
declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))



SET @Ret =  @UserID
GO


this query however returns the users and passwords
OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
Select Username,CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password)) as password from users

how do i modify the select portion of the procedure
 i cant do this:
set @UserID = (OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(EPassword)) = @Password),0))


please help me, i want to learn and if i have to do a different method, i will gladly accept and learn.
0
Comment
Question by:jxharding
  • 3
3 Comments
 
LVL 61

Expert Comment

by:HainKurt
ID: 33423821
try this

OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))
0
 
LVL 61

Accepted Solution

by:
HainKurt earned 2000 total points
ID: 33423833
it is a seperate statement

http://msdn.microsoft.com/en-us/library/ms190499.aspx
OPEN SYMMETRIC KEY MyTableKey DECRYPTION BY CERTIFICATE EncryptCert

declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))

Open in new window

0
 
LVL 61

Expert Comment

by:HainKurt
ID: 33423942
also check here

http://msdn.microsoft.com/en-us/library/ms181860(SQL.90).aspx

I guess you should close after you are done
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Screencast - Getting to Know the Pipeline

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question