1

I have a User entity that contains the username, name and other non sensitive information.

During authentication, I need to query the password (hashed) and the password salt in order to do a hash comparison. Those two properties are not part of the model due to their sensitive nature.

How can I query those two properties in NHibernate without using CreateSQLQuery? I now that CreateSQLQuery works, but I was trying to find a non SQL way.

Pierre-Alain Vigeant
  • 22,635
  • 8
  • 65
  • 101

2 Answers2

2

create a DTO that would be mapped to the same table as User, and will only be used for this purpose, and use that.
for example-

public class AuthUserDTO
{
   public virtual string Username {get; set;}
   public virtual string PasswordHash {get; set;}
   public virtual string Salt {get; set;}
}

all of your 'regular' methods would return a regular User object, except for GetUserForAuthentication that would return an AuthUserDTO.

J. Ed
  • 6,692
  • 4
  • 39
  • 55
1

You could use query only properties in your mapping file, using the "access" attribute. E.g. in your hbm file:

<property name="PasswordHash" type="string" column="PasswordHash" access="none" />

This will allow you to query PasswordHash in a HQL or Criteria query as if it were a normal property, but you don't actually have a PasswordHash property in your user class.

JonoW
  • 14,029
  • 3
  • 33
  • 31