web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics RMS (Archived) / Validate cashier login...
Microsoft Dynamics RMS (Archived)

Validate cashier login SQL

(0) ShareShare
ReportReport
Posted on by TimB 1,175
Is there a way to validate cashier logins at sql level? Since the last few RMS updates the cashier passwords are stored in hash format in the database. Is there an SP that validates it? If so which one? Or do I have to know some hash encryption code to be able to do it? Any insight will be greatly appreciated. Thanks! Tim

*This post is locked for comments

I have the same question (0)
  • ScottM Profile Picture
    ScottM 540 on at
    I was wondering the same thing.
    We have a custom reporting application that checks against RMS database username/pass when logging in.
    After the upgrade this program doesn't work anymore, I had to switch it to look at the ID instead since I think that is still stored as text.
    Granted, the change is a good thing, but hard for developing custom applications.

  • Ryan Sakry Profile Picture
    Ryan Sakry 3,425 on at
    Tim, Due to the encryption, there is no way to do this. Due to PCI Compliance Rules, Microsoft will not release how to reverse engineer the passwords.
  • TimB Profile Picture
    TimB 1,175 on at
    Ryan, I don't even think it is possible to 'reverse engineer' the passwords, because hashes are mathematically impossible to reverse. I don't know exactly how hashes work, but I would think they'd have a way to hash password strings and then validate against the database hash. I also think I've seen companies that have cashier authentication even after the updates, don't know how else they could do it. Tim
  • Ryan Sakry Profile Picture
    Ryan Sakry 3,425 on at
    No, you are correct. More to the point of what I meant is that Microsoft will not release which specific algorithm is used, nor what type of key/salt they use to begin the hash process. If one had this, they could encrypt a user password and compare the results.
  • Verified answer
    TimB Profile Picture
    TimB 1,175 on at

    Hey I've found a solution that works for me. And since I don't have access to the customization guide only because I'm not a partner I like to share the stuff I can figure out. So, I use the QSRules.dll file. Create a new session and run the ses.login("userid","password") function which returns true if login succeeds. See some sample code following. Hope this helps someone. Rgds, TimB

           Dim info As QSRules.ConnectionInfo = New QSRules.ConnectionInfoClass

           Dim ses As QSRules.SessionClass = New QSRules.SessionClass

           info.InitialCatalog = "database"

           info.DataSource = "server"

           info.UserID = "sa"    'or other user you use for sql

           info.Password = "password"

           'info.ConnectTimeout = 30

           info.provider = "SQLOLEDB"

           If ses.Database.OpenConnection(info, False) = False Then

               MsgBox("Could not connect to server.")

               Exit Sub

           End If

           If ses.LogIn("userid","password") = False Then

               MsgBox("Wrong user id or password.", MsgBoxStyle.Critical)

           Else

               Return True

           End If

  • Prashant Bhure Profile Picture
    Prashant Bhure 30 on at

    Hi Tim,

    We are using the same technique to get across the login issue, however we are using late binding  to avoid the versioning issue.

    We regularly face issues with the login when Store Ops and HQ are installed in the wrong sequence, (i.e. Store is installed first and then Hq). When signing on to a store database it tries to select the login info from the HQ User table and throws an error saying

    "The connection cannot be used to perform this operation. It is either closed or invalid in this context. SELECT * FROM [HQUser] "

    do you have any idea, why?

    Thanks and Regards

    Prashant

  • TimB Profile Picture
    TimB 1,175 on at

    Prashant,

    This sounds strange. I wonder if it is that when you use late binding that it tries to use HQRules instead of QSRules? I think it's a good idea to use late binding but I have not implemented our program that way. I currently copy the QSRules.dll with every one of my custom program's installation.

    This is just an idea. Since I have not used HQRules or late binding in my current setup I don't really know what exactly your problem is.

    Tim

  • Prashant Bhure Profile Picture
    Prashant Bhure 30 on at

    Tim,

    Thanks for the reply, however I have resolved this by re registering QSRules.dll silently into the code.

    Prashant

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics RMS (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans