compare string to hash value

Ok, here is what i'm trying to do and its driving me nuts.

ok,

1) I have a proc that runs and needs to validate the user prior to running - this proc is called from an hand held device

2) the id and password are being passed as "clear text" but the password is stored in the database table hashed.

Is there anything on the db side that can get the hash value from the password column of the aspnet_membership table and compare it to the password being passed in to this proc? I have suggested several options to the handheld developer but nothing. This has to be done on the database side.

so,

username and password are passed to proc from handheld.

proc needs to validate ther user in the aspnet_membership table

if user id and password are valid execute the stored procedure

is this possible? if so can ANYONE point me to some examples of this being done?

You should post in the SQL Server Compact forum as not all features available in SQL Server Standard and higher are also available in Compact.

Thanks

Laurentiu

|||

This isn't related to SQL compact. I need to do this on the main database since the user is connecting to that to run this stored procedure. This isn't a hand held, SQL compact related question. Its a SQL in general related question.

|||

I see, I assumed this was related to the scenario you posted about earlier, where you mentioned the database as being SQL Server Compact Edition.

If you want to do a hash computation, you can look at using the HashBytes builtin function. It supports SHA1.

Thanks

Laurentiu

CommandText on Report Server

When a report runs is it possible to retrieve the command text and modify it in order to append some additional "where" conditions, before the sql is processed to return data to the report?

You can write code like this

declare sSQL varchar(500)

declare sWhere varchar(200)

set sSQL = "Select * from mytable"

if lenght(@.Parameter1) > 0

begin

sWhere = " Where mycolume = '" + @.Parameter2 + "'"

end

sSQL = sSQL + sWhere

EXEC (sSQL)

|||

Thanks for the reply, but I need to be clearer with the question that I am asking.

I have written code to construct the piece of SQL that I need to append - it retrieves conditions from the database which define some additional filtering for security.

What I need to know is if it is possible at runtime to trap the SQL statement stored in the <CommandText> element of the RDL for the report that is running - append my additional segment of SQL just before it gets processed. Bear in mind that a Report designed may have several SQL statements from individual parts of the overall report - a data set tp provide values for parameters, a dataset for each section on a report, chart and matrix for example.

Should I be looking at doing it via a Data Processing extension, therefore trapping any report that that is run via SSRS?