I’m trying to create authentication where all passwords are hashed and salted. First, for simplicity, I tried without salt; here’s my LINQ:
    var CurrentUser = db.Users
        .Single(u => u.UserName == form["username"]
            && u.Password.SequenceEqual(
                MD5.Create().ComputeHash(
                    Encoding.UTF8.GetBytes(form["password"]))));
Unfortunately, this error occurred:
The query operator ‘SequenceEqual’ is not supported.
It would help to know where you’re getting your user records from (i.e. what is “db.Users”).
Whatever LINQ provider you’re using (EF etc.) probably doesn’t support using SequenceEqual in a query, so you’ll need to grab the user record, then check the password:
You may also want to be more explicit in your “u.UserName ==” comparison to make it obvious whether it’s case insensitive/ordinal etc.
Edit: Flater’s answer will also work fine, but personally I’d rather pull the record back and verify it as you may want to know whether the user actually exists or not (not just whether the username and password are correct) so you can “lock out” accounts or take other (more helpful) action based on a number of incorrect password attempts.
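The approach this answer describes (fetch the record by username, then verify the password in memory and count failed attempts), written out as an added example that is not the answerer's code. It swaps the question's unsalted MD5 for salted PBKDF2 with a fixed-time comparison; the `User` class, `LoginResult`, the lockout threshold and the iteration count are assumptions, and it needs .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical entity: the page does not show the real Users schema.
public class User
{
    public string UserName { get; set; } = "";
    public byte[] Salt { get; set; } = Array.Empty<byte>();
    public byte[] PasswordHash { get; set; } = Array.Empty<byte>();
    public int FailedAttempts { get; set; }
}

public enum LoginResult { Success, UnknownUser, WrongPassword, LockedOut }

public static class Auth
{
    // Assumed policy values, not taken from the page.
    const int Iterations = 100_000, HashBytes = 32, MaxAttempts = 5;

    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    public static LoginResult Verify(IQueryable<User> users, string userName, string password)
    {
        // Only the username is in the query, so the provider never has to translate SequenceEqual.
        // With a database provider, the case sensitivity of == follows the column collation.
        var user = users.SingleOrDefault(u => u.UserName == userName);
        if (user == null) return LoginResult.UnknownUser;
        if (user.FailedAttempts >= MaxAttempts) return LoginResult.LockedOut;

        // Hash with the stored salt and compare in memory, in constant time.
        if (!CryptographicOperations.FixedTimeEquals(Hash(password, user.Salt), user.PasswordHash))
        {
            user.FailedAttempts++;   // the caller persists this, e.g. SaveChanges() or SubmitChanges()
            return LoginResult.WrongPassword;
        }
        user.FailedAttempts = 0;
        return LoginResult.Success;
    }

    public static void Main()
    {
        // Constructed sample data standing in for db.Users.
        var salt = RandomNumberGenerator.GetBytes(16);
        var users = new List<User> { new User { UserName = "alice", Salt = salt, PasswordHash = Hash("s3cret", salt) } }.AsQueryable();
        foreach (var (name, pw) in new[] { ("alice", "wrong"), ("alice", "s3cret"), ("bob", "s3cret") })
            Console.WriteLine($"{name}: {Verify(users, name, pw)}");
    }
}
```

`UnknownUser` and `WrongPassword` are kept distinct for server-side handling such as lockout; the response shown to the client should be the same for both.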