I am validating a username (case-insensitive) and password (case-sensitive) from the database.
I am using Entity Framework 5.0 to interact with the database.
In the database the password is
"0x11A46971EFF1E1A2CA228CF592CA37DC77E7CCF759602D53629C22B693AEEE96CCD9F889D8E9A92C19391E6BD2DD07E741E9B7AA07E391ACDC939B993C9D7F5D"
I am expecting null in return from the following code block when I change the case of the password to lower, i.e.
"0x11a46971eff1e1a2ca228cf592ca37dc77e7ccf759602d53629c22b693aeee96ccd9f889d8e9a92c19391e6bd2dd07e741e9b7aa07e391acdc939b993c9d7f5d"
but it does not fail and returns the proper user entity.
    using (var context = new MyDbContext(ConnectionString))
    {
        return context.Users.Where(x => (x.Name.Equals(userName, StringComparison.OrdinalIgnoreCase) && x.Password.Equals(password))).FirstOrDefault();
    }
Whereas if I get all Users and then compare, it gives the proper output, i.e. user == null:
    using (var context = new MyDbContext(ConnectionString))
    {
        var users = context.Users.ToList();
        return users.Where(x => (x.Name.Equals(userName, StringComparison.OrdinalIgnoreCase) && x.Password.Equals(password))).FirstOrDefault();
    }
This is strange. Why is it happening? How do I write a case-sensitive query to SQL from LINQ?
SQL is not case sensitive. If you looked at the generated SQL, it would look something like this:
    EXISTS(SELECT * FROM Users WHERE userName = 'foo' AND Password = '0x11a46971eff1e1a2ca228cf592ca37dc77e7ccf759602d53629c22b693aeee96ccd9f889d8e9a92c19391e6bd2dd07e741e9b7aa07e391acdc939b993c9d7f5d')
It will return true regardless of case. The second example calls ToList, so it is now doing a .NET string compare, which IS case sensitive.
When using
    return context.Users.Where(x => (x.Name.Equals(userName, StringComparison.OrdinalIgnoreCase) && x.AuthenticationSecret.Equals(password))).FirstOrDefault();
you work on a lazy-loaded EntityCollection. Because SQL is not case sensitive, it will return true every time.
If you are using
    var users = context.Users.ToList();
you switch from LINQ To Entities to LINQ To Objects, so you can now make a case-sensitive comparison.
The big disadvantage is that every time you use ToList(), your query will be executed immediately and you will load the COMPLETE list of users from the database.
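A middle path between the two approaches in the answers above, as an added example that is not code from the question or either answer: filter on the name in the database, then compare the secret in .NET with an ordinal comparison, so only the matching rows are loaded. `FindUser` and `OrdinalFixedTimeEquals` are hypothetical helper names, and the example assumes the name column uses a case-insensitive collation, which is what keeps the user-name match case-insensitive when `users` is `context.Users` (the in-memory list in `Main` compares names case-sensitively).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: User mirrors the entity used in the question.
public class User
{
    public string Name { get; set; }
    public string Password { get; set; }
}

public static class UserLookup
{
    // The name filter runs in the store (LINQ to Entities when 'users' is context.Users);
    // the secret is compared afterwards in .NET, where the comparison is ordinal.
    public static User FindUser(IQueryable<User> users, string userName, string password)
    {
        // Materializes only the rows whose name matches, not the whole Users table.
        List<User> candidates = users.Where(u => u.Name == userName).ToList();
        return candidates.FirstOrDefault(u => OrdinalFixedTimeEquals(u.Password, password));
    }

    // Case-sensitive, char-by-char comparison that does not stop at the first mismatch,
    // so the time taken does not depend on where the two values differ.
    public static bool OrdinalFixedTimeEquals(string a, string b)
    {
        if (a == null || b == null) return false;
        int diff = a.Length ^ b.Length;
        int n = Math.Min(a.Length, b.Length);
        for (int i = 0; i < n; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample row; with EF, pass context.Users instead of this in-memory list.
        var users = new List<User> { new User { Name = "foo", Password = "0x11A4FF" } }.AsQueryable();
        Console.WriteLine(UserLookup.FindUser(users, "foo", "0x11A4FF") != null); // same case as stored
        Console.WriteLine(UserLookup.FindUser(users, "foo", "0x11a4ff") != null); // lower-cased secret
    }
}
```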