?
Solved

password and verify store procedures - not working -

Posted on 2011-02-28
4
Medium Priority
?
379 Views
Last Modified: 2012-06-27
After I exec and create a new user.
then I try to verify it but it is always returning "Failed"

am I doing it right?

----------

USE [SA02012011]
GO
/****** Object:  StoredProcedure [dbo].[pAddUser]    Script Date: 02/28/2011 10:56:10 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pAddUser](
      @UserName VARCHAR(20),
      @eMail VARCHAR(20),
      @Algorithm VARCHAR(16),
      @Pass VARCHAR(16)
)
AS
BEGIN
      set nocount on
      
      INSERT INTO PersonID (UserName, eMail, passwordID)
select @UserName, @eMail, hashbytes(@Algorithm,@Pass)
END


USE [SA02012011]
GO
/****** Object:  StoredProcedure [dbo].[pVerifyCredentials]    Script Date: 02/28/2011 10:55:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pVerifyCredentials](
      @UserName VARCHAR(20),
      @Algorithm VARCHAR(16),
      @Pass VARCHAR(16)
)
AS
BEGIN
      set nocount on
      select case num when 1 then 'OK'
                      else 'Failed'
                      end as Result
        from (
      SELECT count(*) as Num
        FROM PersonID
       WHERE UserName = @UserName
         AND passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))
              ) AS X
END
return

0
Comment
Question by:goodk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Rajkumar Gs earned 1600 total points
ID: 34998968
I think the Stored Procedure is having issue - Try this modified one
/****** Object:  StoredProcedure [dbo].[pVerifyCredentials]    Script Date: 02/28/2011 10:55:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pVerifyCredentials]
    (
      @UserName VARCHAR(20) ,
      @Algorithm VARCHAR(16) ,
      @Pass VARCHAR(16)
    )
AS 
    BEGIN
        SET nocount ON
        SELECT  CASE num
                  WHEN 1 THEN 'OK'
                  ELSE 'Failed'
                END AS Result
        FROM    ( SELECT    COUNT(*) AS Num
                  FROM      PersonID
                  WHERE     UserName = @UserName
                            AND passwordID = HASHBYTES(@Algorithm, @Pass)
                ) AS X
    END
GO

Open in new window



0
 
LVL 23

Expert Comment

by:Rajkumar Gs
ID: 34998982

You need to compare password in the same way that you saved to database
Changed
passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))
to
passwordID = HASHBYTES(@Algorithm, @Pass)

Raj
0
 
LVL 15

Assisted Solution

by:derekkromm
derekkromm earned 400 total points
ID: 34999016
"AND passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))"

You may be truncating part of the result with "binary(16)"

Try just using "binary" instead.
0
 

Author Closing Comment

by:goodk
ID: 34999383
thanks - it was so timely!

and CORRECT
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question