locked
connecting to sql RRS feed

  • Question

  • User-2060576634 posted

    HI ,

    is it possible to connect webpages websites to sql servers? I know how to migrate to sql locally but it looks like the web.config and providers are all set for sqlCE.. didn't manage to connect my site to online sql server..

    Sunday, March 15, 2015 5:45 AM

Answers

  • User281315223 posted

    is it possible to connect webpages websites to sql servers?

    Sure, ASP.NET Webpages are fully capable of connecting to various types of databases just as you would using any other type of .NET application. You would likely just need to update your appropriate configurations and connection strings to point at your new database.

    You can find a few resources below that you might want to take a look at :

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, March 15, 2015 8:03 AM
  • User-1980594115 posted

    You are correct about storing User Names and Passwords in Web.config as a security issue.

    Create a file in the  App_Data folder, such as ConnectionStrings.config. Web crawlers have access to the root folder and its contents. Anything placed in App_Data is protected by ASP.NET, and requests for items within it are met with a 403 - Forbidden error message.

    ConnectionStrings.config would contain sometime as follows to access a SQL Server database:

    <connectionStrings>
        <add name="XDatabase_CSX" connectionString="Data Source=XServerNameX;Initial Catalog=XDatabaseNameX; Connection Timeout=320; User ID=XUserNameX;Password=XPasswordX" providerName="System.Data.SqlClient"/>
    </connectionStrings>

    Replace XDatabase_CSX with any name you will use to reference the connection in your application code,:

    // Open Connection String stored in the Web.config
    var db = Database.Open("XDatabase_CSX"); 
    

    Replace XServerNameX with your server name. Replace XDatabaseNameX with your name of the database. Replace XUserNameX with your User Name to access the database. Replace XUserPasswordX with the password needed to access the database.

    Replace your connection code in web.config with something as follows so it can find the above:

    <connectionStrings configSource="App_Data\ConnectionStrings.config">
    </connectionStrings>
    

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 16, 2015 11:49 AM
  • User281315223 posted

    Thanks a lot sir.. doesn't storing passwords in web.config as plain text cause any security issues?

    Yes, it's generally a big security no-no. You'll want to ensure that you are using some method of securely storing your passwords (e.g. salt/hashing, etc.), however there are many built-in functions within .NET to help you accomplish this (if you elect to roll-your-own).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 16, 2015 12:14 PM

All replies

  • User281315223 posted

    is it possible to connect webpages websites to sql servers?

    Sure, ASP.NET Webpages are fully capable of connecting to various types of databases just as you would using any other type of .NET application. You would likely just need to update your appropriate configurations and connection strings to point at your new database.

    You can find a few resources below that you might want to take a look at :

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, March 15, 2015 8:03 AM
  • User-2060576634 posted

    Thanks a lot sir.. doesn't storing passwords in web.config as plain text cause any security issues?

    Sunday, March 15, 2015 6:32 PM
  • User-1980594115 posted

    You are correct about storing User Names and Passwords in Web.config as a security issue.

    Create a file in the  App_Data folder, such as ConnectionStrings.config. Web crawlers have access to the root folder and its contents. Anything placed in App_Data is protected by ASP.NET, and requests for items within it are met with a 403 - Forbidden error message.

    ConnectionStrings.config would contain sometime as follows to access a SQL Server database:

    <connectionStrings>
        <add name="XDatabase_CSX" connectionString="Data Source=XServerNameX;Initial Catalog=XDatabaseNameX; Connection Timeout=320; User ID=XUserNameX;Password=XPasswordX" providerName="System.Data.SqlClient"/>
    </connectionStrings>

    Replace XDatabase_CSX with any name you will use to reference the connection in your application code,:

    // Open Connection String stored in the Web.config
    var db = Database.Open("XDatabase_CSX"); 
    

    Replace XServerNameX with your server name. Replace XDatabaseNameX with your name of the database. Replace XUserNameX with your User Name to access the database. Replace XUserPasswordX with the password needed to access the database.

    Replace your connection code in web.config with something as follows so it can find the above:

    <connectionStrings configSource="App_Data\ConnectionStrings.config">
    </connectionStrings>
    

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 16, 2015 11:49 AM
  • User281315223 posted

    Thanks a lot sir.. doesn't storing passwords in web.config as plain text cause any security issues?

    Yes, it's generally a big security no-no. You'll want to ensure that you are using some method of securely storing your passwords (e.g. salt/hashing, etc.), however there are many built-in functions within .NET to help you accomplish this (if you elect to roll-your-own).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, March 16, 2015 12:14 PM