Thanks Cetin - looks like I can't blame it on the ASC() function.

Your comment about the lack of security in the DBC is a good one that I hadn't thought about. This application has no sensitive data in it, so that's not a big concern. But since this is my first ASP.NET application, I'd like to do it right the first time; the next one might require more security, and this method would not be very secure. Maybe I'll look at putting the login routine in a VFP DLL.

>I didn't have a problem with passed strings from ASP.Net (asc() works correctly in the 0-255 range).
>One thing I noticed in your post, probably misunderstood. Are you saying you keep password encryption,decryption routines in stored procedures? If so it's next to keeping them as plain text.