My Visual Studio .NET application uses SQL Server 2005 Express.

It has to be installed on my customer's main server system & on two client computers.all with Windows XP or Vista or 7.

Now, every time when i install my application & SQL Server on my customers computers, I have to change the server name specified in the connection string, i.e. the DATA SOURCE. Because, when I install SQL Server on customer's computer, then the server name is taken by SQL Server 2005 Express, as the computer name of the customer.

So, what's the solution for this?

1. Shall I change the computer name of the customer, to what i have specified in my connection string.
2. or , should i take the server name dynamically on runtime from the .net application and then pass it to the connection string.

Also, the same problem is for login? My .NET application would ask for the login & password from the customer, which would then be passed to the connection string & the application would connect to SQL Server. So, is this ok with security? if not, then what's the other solution to create logins of SQL Server from the .NET application dynamically.

Also, should i create APPLICATION ROLES for this purpose , i.e. for solving the login problem?

My connection string is : Data Source = A-9 (computer name) ; Trusted_Connection = true;

----------------------------------------------EDITED---------------------------------------

At my customer's place,'APP_SVR' is server machine name, he has 2 client m/cs : C-1 & C-2. All 3 are simple home PCs on LAN, with Windows XP.

1.I will install SQL SERVER EXPRESS on 'APP_SVR'. While installation, SQL SERVER automatically takes the server name as the computer name on which it is installed , here it is 'APP_SVR'. So , 'APP_SVR' will be the DATA SOURCE NAME in the conn. string.

2.I will install the .NET application on C-1,C-2.

3.Now, the application on C-1,C-2 will have to connect to SQL SERVER on 'APP_SVR'. For this,the applcn. needs DATA SOURCE NAME. So, I would take the data source name from users using C-1 & C-2, as a text input & then pass it to the connection string.
The users would enter it as 'APP_SVR'.

Would this be fine with security issues ? or is there any other way?

As far as the connection string is involved, oleschri is correct. Your best option is to make use of an app.config file. You will then have to change the connection string to point to the correct server by hand. There is no real way of making this dynamically as you have no way of knowing the ip/name of the server machine from client to client until you see the environment.

As for the logins and connecting the application to SQL, this can be done the way you are suggesting. With changing the connection string dynamically with the username and password provided by a user.

Generally, I handle this by creating a users table in my database. This table would have usernames and password to allow access to my program. The logins in SQL Server should be used for limiting/securing access to the database itself. I generally create one login/user and all users then use this to access the database. This helps to lock down access to the database while allowing you to provide security to access the application. For this to work though, you will need to take the username/password from the user and check the database to see if it exists and is correct. If so let them continue, if not keep them at the login screen and tell them that either the username and/or password is wrong.

I would definately go with alt 2, changing your customers computer names might make them, or their it-admins, pretty darn angry.

Assuming your client application is some kind of WinForms application the connection string should reside inside the application's app.config file and should be set to the correct value when installing it.

Having the connection string in the app.config helps admin to easily update the client when server names or database names change over time.

• MSDN: Storing and Retrieving Connection Strings

If you want to use Integrated Windows Security (the currently logged on Domain User) you can put the users to be authorized into a group and authorize this group in SQL Server accordingly. You also have to specify Integrated Security=True in your connection string.

• MSDN: ConnectionString Property