locked
Case sensitivity and/or String Compare RRS feed

  • Question

  • User1811554030 posted

    Guys lets say I want a case sensitive system that when you register you provide a password as "xxxx" and then you try attempt to login with

    "XXXX",it should refuse, how and at what level do I do the string case sensitivity thing? with vb.net or C#

    Tuesday, August 28, 2012 8:34 AM

Answers

  • User1811554030 posted


    ALTER procedure [dbo].[spLoginvalidate]
    (
    @User_ID varchar(50),
    @Password varchar(20),
    --@Role varchar(2),
    @Outres int OUTPUT
    )
    AS
    set @Outres= (SELECT count(*) FROM [dbo].User_Table
    WHERE User_ID=@User_ID
    and CAST (Password as varbinary(20))=CAST(@Password AS varbinary(20)) ) --and Role=@Role
    --WHERE CAST(Password AS varbinary(15)) = CAST(@Password AS varbinary(15))
    if(@Outres=1)
    begin
    set @Outres=1
    end
    else
    begin
    set @outres=0
    end

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 1, 2012 9:52 AM

All replies

  • Tuesday, August 28, 2012 8:52 AM
  • User308828528 posted

    you can find solution via following links

    http://msdn.microsoft.com/en-us/library/cc165449.aspx

    http://www.blackwasp.co.uk/StringComparison_2.aspx

    http://www.tla.ch/TLA/NEWS/2007cs/2007-05-23-cs-string-compare.htm

    Tuesday, August 28, 2012 9:00 AM
  • User1811554030 posted

    ok, lets say I'm pulling the password from the database...

    my vb code so far is:

    If Validate_Login(txtUser_ID.Text, txtPassword.Text) >= 1 Then ''this authenticates if the user is a normal user or an admin user
                FormsAuthentication.RedirectFromLoginPage(txtUser_ID.Text, False) ''formautentication redeirects
                Dim Results As Integer = 0
                If (txtUser_ID.Text IsNot "" And txtPassword.Text IsNot "") Then
                    Results = Validate_Login(txtUser_ID.Text.Trim(), txtPassword.Text.Trim())
                    If Results = 1 Then
                        MsgBox("Login is good")
                        Response.Redirect("RegisterUser.aspx?UserID=" & txtUser_ID.Text)
                    Else
                        FailureText.Visible = True
                        FailureText.Text = "Invalid Username or Password"
                    End If
                Else
                    FailureText.Visible = True
                    FailureText.Text = "Please make sure that the username and the password is Correct"
                End If

            Else
                FailureText.Visible = True
                FailureText.Text = "Invalid Username or Password"
                txtUser_ID.Text = ""
            End If
            connection.Close()
        End Sub

        Function Validate_Login(ByVal Username As String, ByVal Password As String) As Integer
            Dim connnecxion As String = ConfigurationManager.ConnectionStrings("Risk_ProfilingConnectionString").ConnectionString ''Defined on the web.config file
            Dim connection As New SqlConnection(connnecxion) '' creates a new connection to the database and then...
            Dim cmdselect As SqlCommand = New SqlCommand
            cmdselect.CommandType = CommandType.StoredProcedure
            cmdselect.CommandText = "[dbo].[spLoginvalidate]"
            cmdselect.Parameters.AddWithValue("@User_ID", Username)
            cmdselect.Parameters.AddWithValue("@Password", Password)
            cmdselect.Parameters.Add("@OutRes", SqlDbType.Int, 4)
            cmdselect.Parameters("@OutRes").Direction = ParameterDirection.Output
            cmdselect.Connection = connection
            Dim Results As Integer = 0
            Try
                connection.Open()
                cmdselect.ExecuteNonQuery()
                Results = cmdselect.Parameters("@OutRes").Value
            Catch ex As Exception
                MsgBox(ex.ToString)
            Finally
                cmdselect.Dispose()
                If connection IsNot "" Then
                    connection.Close()
                End If
            End Try
            Return Results
        End Function

    this code above just validates if a record exists or not when a user attempts to login

    Tuesday, August 28, 2012 9:16 AM
  • User-536335358 posted
    Just you need to write following condition while getting password and user name (Note [] symbols)


    where password=[passwordparameter] and username=[userName parameter]
    
    


    Tuesday, August 28, 2012 10:14 AM
  • User1811554030 posted

    the where, is it in my sql stored proc or on my vb code?

    Tuesday, August 28, 2012 10:23 AM
  • User1811554030 posted

    CREATE procedure [dbo].[spLoginvalidate]
    (
    @User_ID varchar(50),
    @Password varchar(50),
    @Outres int OUTPUT
    )
    AS
    set @Outres= (SELECT count(*) FROM [dbo].User_Table
    WHERE User_ID=@User_ID and Password]=@Password)
    if(@Outres=1)
    begin
    set @Outres=1
    end
    else
    begin
    set @outres=0
    end

    Tuesday, August 28, 2012 10:27 AM
  • User-1712436677 posted

    Hi,

    this can achievied by changing the collation of the password column in your table to "SQL_Latin1_General_CP1_CS_AS".

    Regards,

    Kaprthi

    Thursday, August 30, 2012 2:48 AM
  • User1811554030 posted

    No, it didn't work

    Tuesday, September 4, 2012 3:01 AM
  • User1811554030 posted


    ALTER procedure [dbo].[spLoginvalidate]
    (
    @User_ID varchar(50),
    @Password varchar(20),
    --@Role varchar(2),
    @Outres int OUTPUT
    )
    AS
    set @Outres= (SELECT count(*) FROM [dbo].User_Table
    WHERE User_ID=@User_ID
    and CAST (Password as varbinary(20))=CAST(@Password AS varbinary(20)) ) --and Role=@Role
    --WHERE CAST(Password AS varbinary(15)) = CAST(@Password AS varbinary(15))
    if(@Outres=1)
    begin
    set @Outres=1
    end
    else
    begin
    set @outres=0
    end

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, November 1, 2012 9:52 AM