If you are storing the sha1 version of the password in your db then you need to make sure that the field is a varchar type of at least 40 characters. It looks like you are correctly comparing the sha1 value for the password in your login server behavior. Do you know what the sha1 version of your password should be? If so you should be able to directly compare with what you have in the db to see if they match. So long as the value you are comparing matches the value in the db then you should be fine. Post back and let us know what you discover.