none
Security and connection strings RRS feed

  • Question

  • Well, this is my problem (hope not only mine):
    I have got a connection string to a sql server database .
    This CS is stored in the app.settings of my C# WinForms Application.
    My application is installed in a folder for which I don't have admin rights and cannot write the app.config.

    Because of security, I didn't stored the password in this CS, and I want to add it at runtime when the user logs in.

    Because of my own reason, I don't want to use Windows Integrated Security and I prefer using user id and password method.

    I created a SqlConnectionStringBuilder that runs after the user fill in my password text box.

    Now I have my brand new completed connection string.

    How can I put it in the app.config without having writing rights?
    On the other hand, how can I change the auto-generated ADO.NET table adapter InitConnection() method that refers to Setting's half-size connection string?
    I don't want to change auto-generated code because if it needs to be refreshed, all my changes will be lost.

    I googled and msdned everywhere but it seems to be very difficult to find anything about this.

    Pls help me.
    ------- Life is what happens while doing other projects -------
    Sunday, July 5, 2009 5:36 PM

Answers

  • Hello,

    RE: How can I put it in the app.config without having writing rights?
    No, you can't do that, and this is is bad idea. 

    Re: Because of security, I didn't stored the password in this CS, and I want to add it at runtime when the user logs in.
    My impression is at run time, you will be prompt for inputting the password? Is that true?

    One way I think you can do is create your Connection, and set to the TableAdapter.Connection property.


    John

    Monday, July 6, 2009 7:03 AM

All replies

  • Hello,

    RE: How can I put it in the app.config without having writing rights?
    No, you can't do that, and this is is bad idea. 

    Re: Because of security, I didn't stored the password in this CS, and I want to add it at runtime when the user logs in.
    My impression is at run time, you will be prompt for inputting the password? Is that true?

    One way I think you can do is create your Connection, and set to the TableAdapter.Connection property.


    John

    Monday, July 6, 2009 7:03 AM
  • Re: My impression is at run time, you will be prompt for inputting the password? Is that true?
    Absolutely true! That's it.

    Re: One way I think you can do is create your Connection, and set to the TableAdapter.Connection property.
    What do you mean? Which TableAdapter? The one in the Dataset designer sheet? Remember what I thought:

    "On the other hand, how can I change the auto-generated ADO.NET table adapter InitConnection() method that refers to Setting's half-size connection string?
    I don't want to change auto-generated code because if it needs to be refreshed, all my changes will be lost."

    Waiting for answers.
    ------- Life is what happens while doing other projects -------
    Monday, July 6, 2009 11:14 AM
  • Hello Italian Cousin

    My impression is at run time, you will ask user to input the user name and password anyway. 
    So I think you can set the connection on the TableAdapter (yes the one generated by the DataSet designer)  at run time too. 
    e.g.
    this.categoriesTableAdapter.Connection = new System.Data.SqlClient.SqlConnection(connectionString)


    I might not understand your requirement fully.
    It seems you want the user to input the password only once and cache it in the computer, so next time he/she will not need to typein the password? Is this the case? 

    John
      




    Monday, July 6, 2009 8:55 PM
  • Great!
    You are right.
    It was too obvious to understand.
    I thought it was more difficult than that and I lost the logic beneath. Thx.
    ------- Life is what happens while doing other projects -------
    Monday, July 6, 2009 9:13 PM