tags:

views:

932

answers:

4
+2  Q: 

handling the connection string with SQL Authentication

Hello,

I am deploying a Windows Application that uses SQL Server 2005. The program will use SQL Authentication.

My question is, how do you handle the connection string when you don't know what the username/password will be? Do you load this from an encrypted file? Or are there provisions for handling this already?

A: 

If the enduser will provide the password you don't need to do anything, dont save the usernamne/password in the config file. If you don't want the end user to provide the password you could put it in the config file at installation. But that could be a problem if the username needs to be changed and you have encrypted the connectionstring.

Richard L  2009-01-17 15:15:18
A: 

Encrypting sections of the configuration is not as simple for a windows app as for a web app, but it is certainly doable. Here's a sample.

cmsjr  2009-01-17 15:17:48
+2  A: 

If the user will provide their login details (username and password) then you just need to provide the ability to enter them in your app, e.g. show a dialog asking for these details. You can then use those values the user gives to build the connection string in your code.

Alternatively, if all your users are going to be using a single SQL account to connect then you can put the connection string in your app.config file using encryption if you want to hide it from your users, see cmsjr's answer for an example of how to do this.

Alternatively, if you're developing this on an internal domain (intranet) then switch your database to integrated security and put your users domain accounts into the relevant access group on your database server. Then you won't have to worry about collecting username or passwords at all.

AdamRalph  2009-01-18 12:54:55
A: 

Just make sure to check the username/password for "weird" characters that the user might enter. The last thing you want is for them to change around your connection string. Then basically you just specify the driver (if using ODBC), the database, the server, but leave all the username/password and trusted connection info out. Then just tack on username= and password= which will be set equal to what was entered by the user on the end. However watch out for semicolons. I've never tried to see what happens if there is both a username/password and a trusted_connection = true.

Cervo  2009-01-18 13:18:06

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?