the Membership Provider ValidateUser
using EF is quite simple
public overrid开发者_高级运维e bool ValidateUser(string username, string password)
{
// Validate User Credentials
var r = db.ST_Users.FirstOrDefault(
x => x.Username.Equals(username) &&
x.Password.Equals(password));
return r != null ? true : false;
}
But this returns true
(finds and retrieves the hole object) no matter if I use balexandre
or BAleXanDre
.
How can I enable EF to compare in case-sensitive mode?
I know how to compare in case insensitive (using the StringComparison.CurrentCultureIgnoreCase
overload, but I just want the opposite)
You should not query on the password. You should retrieve the User
object and do a password compare locally, because SQL server will do a case insensitive compare for you by default (unless you change your database settings, which is not something you should take lightly).
var r = db.ST_Users.SingleOrDefault(x => x.Username == username);
return r != null && r.Password == password;
Besides, you seem to be storing plain passwords in your database. Depending on the type of application, this might not be a good idea. Try hashing them with a salt. Lots of good information to find about that here on Stackoverflow. For instance, take a look at this question and this website.
I was facing the same issue. I tried:
1. from p in entity.SecurityUsers where p.userName.Equals(userName) && p.password.Equals(password) select p
2. from p in entity.SecurityUsers where p.userName == userName && p.password == password select p
But both of these didn't work. Then I selected USER
only..,
var user = (from p in entity.SecurityUsers where p.userName == userName select p).first();
And then compare its password:
return p != null && p.Password == password;
精彩评论