Solved

users table: password is encrypted , how to verify username and password in stored procedure

Posted on 2010-08-12
3
360 Views
Last Modified: 2012-06-27
hi, i need to write a stored procedure which would authenticate the username and password with the users table.

the users table's password field is encrypted
the users table looks like this:
UserID(decimal), UserName(nvarchar),Password(varbinary(Max))

 


this is what i tried, but it does not work

CREATE PROCEDURE sproc_Authenticate
(
@UserName varchar(50),
@Password  varchar(50),
@Ret int OUTPUT
)
WITH ENCRYPTION
as

 
declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))



SET @Ret =  @UserID
GO


this query however returns the users and passwords
OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
Select Username,CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password)) as password from users

how do i modify the select portion of the procedure
 i cant do this:
set @UserID = (OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(EPassword)) = @Password),0))


please help me, i want to learn and if i have to do a different method, i will gladly accept and learn.
0
Comment
Question by:jxharding
  • 3
3 Comments
 
LVL 51

Expert Comment

by:HainKurt
ID: 33423821
try this

OPEN SYMMETRIC KEY MyTableKey DECRYPTION
BY CERTIFICATE EncryptCert
declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))
0
 
LVL 51

Accepted Solution

by:
HainKurt earned 500 total points
ID: 33423833
it is a seperate statement

http://msdn.microsoft.com/en-us/library/ms190499.aspx
OPEN SYMMETRIC KEY MyTableKey DECRYPTION BY CERTIFICATE EncryptCert

declare @UserID int
set @UserID = (Select isnull((Select UserID from Users Where UserName = @UserName and CONVERT(NVARCHAR(50),DECRYPTBYKEY(Password))= @Password),0))

Open in new window

0
 
LVL 51

Expert Comment

by:HainKurt
ID: 33423942
also check here

http://msdn.microsoft.com/en-us/library/ms181860(SQL.90).aspx

I guess you should close after you are done
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Mark Wills Attending one of Rob Farley's seminars the other day, I heard the phrase "The Accidental DBA" and fell in love with it. It got me thinking about the plight of the newcomer to SQL Server...  So if you are the accidental DBA, or, simp…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question