i am making a simple c#.net winform application with a form1, which will connect to sql server.
i want that before establishing a connection to sql server , the application asks the user to enter the login name & password to connect.
for this what should i do:
take the login name & password in two text boxes & pass them the to the connection string
or
should i pass them to the app.config file & then use the string from app.config file in the form1.cs?
will this be ok with the security issues? if not, then what are the other ways of implementing this task?
I would do this:
- use a
SqlConnectionStringBuilder component
- define things like server name, database name etc. from your
app.config
- that component also has two properties for user name and password - fill those from a dialog box where you prompt the user for this information
- that SqlConnectionStringBuilder then gives you the proper connection string to use for connecting to your SQL Server
Update:
My suggestion would be to store the basic connection string like this:
<configuration>
<connectionStrings>
<add name="MyConnStr"
connectionString="server=A9;database=MyDB;" />
</connectionStrings>
</configuration>
Then load this "skeleton" connection string (which is incomplete - that alone won't work!) into your SqlConnectionStringBuilder:
string myConnStr = ConfigurationManager.ConnectionStrings["MyConnStr"].ConnectionString;
SqlConnectionStringBuilder sqlcsb = new SqlConnectionStringBuilder(myConnStr);
Then grab the user name and password from the user in a dialog box and add those to the connection string builder:
sqlcsb.UserID = tbxUserName.Text.Trim();
sqlcsb.Password = tbxPassword.Text.Trim();
and then get the resulting, complete connection string from the SqlConnectionStringBuilder:
string completeConnStr = sqlcsb.ConnectionString;
using(SqlConnection _con = new SqlConnection(completeConnStr))
{
// do whatever you need to do here....
}
Pass the login to the connection string. app.Config is not a place to store user interaction.
Another way of implementing it might be to authenticate on the SQL server with Windows authentication. That way the local Windows user can have certain security privileges on the database and the user of the application would net necessarily have to enter any credentials.
What are the credentials used for? Are they used for establishing a connection with the database, or to access a user account entry and security privileges in the application?
For securing strings, use SecureString Class.
Sql authentication details is always kept seperate from application authentication details(There are exceptions...eg: ur making ur own version of sql server client)
- Keep your database connection details in app.config.
- It should Ideally contain one user with app level restrictions enabled.
- The Login you speak about is an authentication module which exists in C#. eg: windows authentication,forms authentication etc.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 傲 的文章《connecting to sql server through a .net winform ap》','https://www.manongdao.com/article-843570.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}