Home/ Questions/Q 6022677
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T03:53:31+00:00

the Membership Provider ValidateUser using EF is quite simple public override bool ValidateUser(string username,

  • 0

the Membership Provider ValidateUser using EF is quite simple

public override bool ValidateUser(string username, string password)
{
    // Validate User Credentials
    var r = db.ST_Users.FirstOrDefault(
                           x => x.Username.Equals(username) && 
                                x.Password.Equals(password));
    return r != null ? true : false;
}

But this returns true (finds and retrieves the hole object) no matter if I use balexandre or BAleXanDre.

How can I enable EF to compare in case-sensitive mode?

I know how to compare in case insensitive (using the StringComparison.CurrentCultureIgnoreCase overload, but I just want the opposite)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should not query on the password. You should retrieve the User object and do a password compare locally, because SQL server will do a case insensitive compare for you by default (unless you change your database settings, which is not something you should take lightly).

    var r = db.ST_Users.SingleOrDefault(x => x.Username == username);

return r != null && r.Password == password;

    Besides, you seem to be storing plain passwords in your database. Depending on the type of application, this might not be a good idea. Try hashing them with a salt. Lots of good information to find about that here on Stackoverflow. For instance, take a look at this question and this website.

    • 0