none
How do i add password to connectionstring at runtime in c#?

    Question

  • Hi

    when we use entity framework in c# it use connectionstring in app.config. Such as this:

    <connectionStrings> 

    <add name="FFZcoFishDBEntities" connectionString="metadata=res://*/ModelFishDB.csdl|res://*/ModelFishDB.ssdl|res://*/ModelFishDB.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=FS-PC\SQLSERVER2005;initial catalog=FFZcoFishDB;persist security info=True;user id=ffzco;password=123456;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />

    </connectionStrings>



    But i want the app.config connectionstring not to contain password. Such as this:

    <connectionStrings> 

    <add name="FFZcoFishDBEntities" connectionString="metadata=res://*/ModelFishDB.csdl|res://*/ModelFishDB.ssdl|res://*/ModelFishDB.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=FS-PC\SQLSERVER2005;initial catalog=FFZcoFishDB;persist security info=True;user id=ffzco;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />

    </connectionStrings>

    but i don't know how to add password at runtime.


    Monday, October 28, 2013 2:23 PM

Answers

  • Hello,

    What you think is a good idea I think, one way for achieving what you want, we can write the metadata in our program like below:

    static void Main(string[] args)
    
            {
    
                string EntityConnectionString = string.Format("metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=\"data source=(localdb)\\v11.0;initial catalog=NeedLoginDB;persist security info=True;user id={0};password={1};MultipleActiveResultSets=True;App=EntityFramework\"", "MinBao", "bmxBMX123!@#");
    
    
                using (NeedLoginDBEntities db = new NeedLoginDBEntities(EntityConnectionString))
    
                {
    
                    User u = db.Users.FirstOrDefault();
    
                }
    
            }
    

    Of course, do not forget to add a constructor method that need a string parameter like below:

    public NeedLoginDBEntities()
    
                : base("name=NeedLoginDBEntities")
    
            {
    
            }
    
    
            public NeedLoginDBEntities(string connectionString)
    
                : base(connectionString)
    
            {
    
            }
    

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, October 29, 2013 7:53 AM
  • I don't see what you are talking about is going to achieve anything in the protection of the password doing it at runtime and manipulating the connection string to add a psw. What you should be doing is creating an encrypted psw that you created on MS SQL Server for the database during database creation and setup by using CTRL/SHIFT/Special Keys/Alpha/Numeric key combinations to encrypted the psw and apply the encryption to the psw on the connection string to login to the database with a user-id and encrypted psw. 

    Or do something with encryption being explained in the link.

    http://msdn.microsoft.com/en-us/library/ms254494.aspx

    Thursday, October 31, 2013 1:10 AM

All replies

  • Hello,

    What you think is a good idea I think, one way for achieving what you want, we can write the metadata in our program like below:

    static void Main(string[] args)
    
            {
    
                string EntityConnectionString = string.Format("metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=\"data source=(localdb)\\v11.0;initial catalog=NeedLoginDB;persist security info=True;user id={0};password={1};MultipleActiveResultSets=True;App=EntityFramework\"", "MinBao", "bmxBMX123!@#");
    
    
                using (NeedLoginDBEntities db = new NeedLoginDBEntities(EntityConnectionString))
    
                {
    
                    User u = db.Users.FirstOrDefault();
    
                }
    
            }
    

    Of course, do not forget to add a constructor method that need a string parameter like below:

    public NeedLoginDBEntities()
    
                : base("name=NeedLoginDBEntities")
    
            {
    
            }
    
    
            public NeedLoginDBEntities(string connectionString)
    
                : base(connectionString)
    
            {
    
            }
    

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, October 29, 2013 7:53 AM
  • I don't see what you are talking about is going to achieve anything in the protection of the password doing it at runtime and manipulating the connection string to add a psw. What you should be doing is creating an encrypted psw that you created on MS SQL Server for the database during database creation and setup by using CTRL/SHIFT/Special Keys/Alpha/Numeric key combinations to encrypted the psw and apply the encryption to the psw on the connection string to login to the database with a user-id and encrypted psw. 

    Or do something with encryption being explained in the link.

    http://msdn.microsoft.com/en-us/library/ms254494.aspx

    Thursday, October 31, 2013 1:10 AM