Solved

password and verify store procedures - not working -

Posted on 2011-02-28
4
378 Views
Last Modified: 2012-06-27
After I exec and create a new user.
then I try to verify it but it is always returning "Failed"

am I doing it right?

----------

USE [SA02012011]
GO
/****** Object:  StoredProcedure [dbo].[pAddUser]    Script Date: 02/28/2011 10:56:10 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pAddUser](
      @UserName VARCHAR(20),
      @eMail VARCHAR(20),
      @Algorithm VARCHAR(16),
      @Pass VARCHAR(16)
)
AS
BEGIN
      set nocount on
      
      INSERT INTO PersonID (UserName, eMail, passwordID)
select @UserName, @eMail, hashbytes(@Algorithm,@Pass)
END


USE [SA02012011]
GO
/****** Object:  StoredProcedure [dbo].[pVerifyCredentials]    Script Date: 02/28/2011 10:55:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pVerifyCredentials](
      @UserName VARCHAR(20),
      @Algorithm VARCHAR(16),
      @Pass VARCHAR(16)
)
AS
BEGIN
      set nocount on
      select case num when 1 then 'OK'
                      else 'Failed'
                      end as Result
        from (
      SELECT count(*) as Num
        FROM PersonID
       WHERE UserName = @UserName
         AND passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))
              ) AS X
END
return

0
Comment
Question by:goodk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
Rajkumar Gs earned 400 total points
ID: 34998968
I think the Stored Procedure is having issue - Try this modified one
/****** Object:  StoredProcedure [dbo].[pVerifyCredentials]    Script Date: 02/28/2011 10:55:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[pVerifyCredentials]
    (
      @UserName VARCHAR(20) ,
      @Algorithm VARCHAR(16) ,
      @Pass VARCHAR(16)
    )
AS 
    BEGIN
        SET nocount ON
        SELECT  CASE num
                  WHEN 1 THEN 'OK'
                  ELSE 'Failed'
                END AS Result
        FROM    ( SELECT    COUNT(*) AS Num
                  FROM      PersonID
                  WHERE     UserName = @UserName
                            AND passwordID = HASHBYTES(@Algorithm, @Pass)
                ) AS X
    END
GO

Open in new window



0
 
LVL 23

Expert Comment

by:Rajkumar Gs
ID: 34998982

You need to compare password in the same way that you saved to database
Changed
passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))
to
passwordID = HASHBYTES(@Algorithm, @Pass)

Raj
0
 
LVL 15

Assisted Solution

by:derekkromm
derekkromm earned 100 total points
ID: 34999016
"AND passwordID = convert(binary(16),HASHBYTES(@Algorithm, @Pass))"

You may be truncating part of the result with "binary(16)"

Try just using "binary" instead.
0
 

Author Closing Comment

by:goodk
ID: 34999383
thanks - it was so timely!

and CORRECT
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Via a live example, show how to setup several different housekeeping processes for a SQL Server.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question