2

I'm going to ask a very basic question, but I'm getting this problem and I don't understand why it is happening. Usually when we compare two strings like `s1 == s2`, it compares length, characters, case, etc., but while working in LINQ with the following query it is not matching the case of the string. My DB has Password123, but when I enter password123 it also returns a record, which is actually wrong. My query is: `var row = DB.tbllogin.Where(m => m.Id == LoginId && m.Password == pwd.Trim()).FirstOrDefault();`

It is not matching the case. The field in the DB is of nvarchar type, pwd is of string type, and I am using the Entity Framework ORM.

Sweetie

1 Answer

5

The problem is that the comparison is being performed in SQL - I suspect if you execute the same query in SQL Studio, you'll get the same result.

One fix would be to change the database collation to be case-sensitive; it's not clear whether you can do this directly in LINQ itself. (It's one of those cases where the details are leaking through the abstraction.)

However, a better solution for this specific case would be to not store your passwords in plaintext to start with. It's horribly insecure. You should be storing a hash using something like bcrypt. See Jeff Atwood's blog post on the topic for more details.

Jon Skeet
  • `StringComparison` won't work. That is also transformed to "=", which is case-insensitive. – Jehof Jan 27 '14 at 07:01
  • @Jehof: Interesting. Will delete that bit, thanks. (I'm keeping the answer due to the "don't store passwords like this" even though it's mostly otherwise a dup.) – Jon Skeet Jan 27 '14 at 07:04
  • This won't work, at least for Entity Framework, which I have tested in LinqPad. I am not sure if the questioner uses EF, but I guess he does. – Jehof Jan 27 '14 at 07:07