RavenDB Querying to check Username and Password

Developer https://www.devze.com 2023-04-02 23:33 Source: Internet

I'm fairly new to C# and RavenDB, so please excuse my lack of understanding.

I currently have a Windows Form Application. In one of the forms, I have two text boxes and one button. These two text boxes serve as the username and password inputs and the button is obviously there so that the user can log in. When the user clicks on the button, a method is called and saves the content of the two inputs in two string variables.

At the moment, in my RavenDB Database, I have created two samples of username and password.

How do I appropriately check whether the username and password given by the user exist in the database?

Any help is really appreciated.


There are two ways to answer this question.

a) You can query for multiple properties using the Linq provider

session.Query<User>().Where(user => user.Name == username && user.Password == pass).ToList();

b) The problem with this is that this assumes that you are storing the password as plain text in the database, which you should never do. You can see how we implemented that in RaccoonBlog's RavenDB's sample application:

https://github.com/ayende/RaccoonBlog/blob/master/src/RaccoonBlog.Web/Models/User.cs

https://github.com/ayende/RaccoonBlog/blob/master/RaccoonBlog.Web/Areas/Admin/Controllers/LoginController.cs


As a matter of good security practice you don't store passwords at all; rather, you store the password's hash.

To store your password

  1. Read the values on the server and generate a hashcode of the password. You should use crypto functions to generate the hash (such as via SHA256).

  2. Store a document in Raven DB of type User with his username and hashed password

To check if the user with the passed credentials is in the database

  1. Query Raven DB and look for the user with the given name and password hash.

Sample code

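// Returns the matching User document, or null when the credentials do not match.
var user = session.Query<User>()
    .Where(u => u.UserName == "Alice" && u.HashedPassword == "hashPwd")
    .FirstOrDefault();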
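
Added example (not code from either answer or from RaccoonBlog): with a per-user salt and a slow hash such as PBKDF2, the stored hash cannot be matched inside the `Where` clause, so the user is loaded by name and the password is verified in code. The `User` properties, the iteration count and the in-memory dictionary standing in for the RavenDB session are assumptions; it needs .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical document class; the property names are assumptions.
public class User
{
    public string UserName { get; set; } = "";
    public byte[] Salt { get; set; } = Array.Empty<byte>();
    public byte[] PasswordHash { get; set; } = Array.Empty<byte>();
    public int Iterations { get; set; }
}

public static class Login
{
    // Assumed parameters; tune the iteration count to your hardware.
    const int SaltSize = 16, HashSize = 32, DefaultIterations = 600_000;

    static byte[] Derive(string password, byte[] salt, int iterations) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, HashSize);

    // Registration: a fresh random salt per user, so equal passwords give different hashes.
    public static User CreateUser(string userName, string password)
    {
        var salt = RandomNumberGenerator.GetBytes(SaltSize);
        return new User { UserName = userName, Salt = salt, Iterations = DefaultIterations,
                          PasswordHash = Derive(password, salt, DefaultIterations) };
    }

    // Login: the caller loads the document by user name only, for example
    // session.Query<User>().FirstOrDefault(u => u.UserName == userName),
    // and the hash is recomputed here with that user's stored salt.
    public static bool Verify(User? user, string password)
    {
        if (user == null) return false; // unknown user name
        var candidate = Derive(password, user.Salt, user.Iterations);
        // Constant-time comparison avoids leaking how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(candidate, user.PasswordHash);
    }

    public static void Main()
    {
        // Constructed sample data; the dictionary stands in for the RavenDB session.
        var store = new Dictionary<string, User> { ["alice"] = CreateUser("alice", "correct horse") };
        store.TryGetValue("alice", out var alice);
        store.TryGetValue("bob", out var bob);
        Console.WriteLine(Verify(alice, "correct horse"));
        Console.WriteLine(Verify(alice, "wrong guess"));
        Console.WriteLine(Verify(bob, "correct horse"));
    }
}
```

Storing the iteration count on each document lets it be raised later without invalidating existing hashes.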