I am designing an application in .net using MVC3. I am using Visual studio 2010 and i am using Sql Server for database. what connection string should i use in Web.Config file.?
Here is a site with any connection string you want:
http://www.connectionstrings.com/
Basically, you should probably use something like this:
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
This way you are using trusted security (not storing a SQL username and password in your config file). You will just need to make sure that the account that your application runs under has access to the database. Really, though, you should have a data access layer that has the permissions. I would recommend against direct data access from your front-end. If possible, maybe even WCF.
Related
I have written an Excel addin which connects to a specific database and pulls data from it. Currently, SQL Server authentication data is hard-coded in the add-in. I am planning to distribute the add-in without removing the SQL Server connection functionality. Protection of the authentication data is an inevitable prerequisite. However, I am stuggling to find a suitable solution.
The authentication data for SQL Server is not unique. Setting up a unique login for each end user would be nearly impossible.
Are there any recommendations how to best achieve a good protection level for the SQL Server authentication data?
This is a very common problem of how to protect connection strings.
Few years ago i have develop a C# application and i have used an app.config file that the connection strings to the db where encrypted.
Save the connection string in an external encrypted file and while reading it decrypt it:
You can check here for more information:
https://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx
I want to deploy my web application including a SQL Server 2008 database from my local machine to my hoster.
So far I used the Windows authentication, is it necessary to switch to username and password when I want to make my application public on the internet?
And if that's the case, what's the best practice to hide that information if they are saved as strings in the web.config?
Side note: I use Linq to Entities as Object Mapper and within the code I use
HttpContext.Current.User to authenticate the user
If you are not using shared hosting, then you can keep using windows authentication which is more secure than having SQL server user.
You should also disable remote connections so that no one can directly access SQL server to make it more secure.
For encrypting connection string check this site.
I'm working with getting a legacy app in line with current SQL Server security standards at my organization and would like the application to use Windows authentication when making SQL Server stored procedure calls from an ASP classic app runniing on a Windows Server 2008 web server. If it's too much trouble I can create a SQL Server account but would like to use integrated security. I'm looking for the best practice with this type of configuration. Any help is greatly appreciated.
By ASP side it should be easy, it's a matter of connection string.
Try this one:
strConn="Driver={SQL Server}; Server=[YOUR HOST]; Database=[YOUR DB]; Trusted_Connection=Yes;"
Before that, you have to properly configure IIS
I'm trying to make an application for my company which will run on Windows 10 tablets connected to a main server over the internet via a VPN. I have the VPN and devices established and am trying a sort of "Hello World" with a tablet.
Here is my problem: My app will require access to the SQL Server running on main server hosting the VPN.
The SQL Server is already configured to allow access over the network and has been tested. If I write a simple WPF application, I can run it from the tablet and the SQL connection works perfectly.
So why is it a problem?
Because for the life of me I can't figure out how to connect to an SQL database from a Windows Universal Application. I'm using Visual Studio 2015 and the "Blank App (Universal Windows)" solution template. The System.Data.SqlClient namespace is not available by default, no framework assemblies are listed when I try to add a reference, and when I browse to the System.Data.dll to add it manually, I get other errors.
The above makes me feel like I'm going about this wrong; database access is a basic need for an application and shouldn't be this hard to implement. Can anyone tell me how to go about it?
AFAIK you can't directly connect to a full blown SQL DB from a WUA. Only to an SQLite one.
Similar question with more detailed answers-
Universal store app getting data from server
There is a class called SqlConnection which you can use to connect to a database that does the same thing.
Here is an example I found in msdn.
SqlConnection sqlCon = new SqlConnection("Data Source=(local);Initial Catalog=Test;Integrated Security =SSPI;");
Or you can create your own api on your server and connect to it using ajax methods like XMLHttpRequest().open('GET','stuff.aspx',true)
I've been developing a site using ASP.NET MVC, and have decided to use the new SQL Server 2008 FILESTREAM facility to store files 'within' the database rather than as separate entities. While initially working within VS2008 (using a trusted connection to the database), everything was fine and dandy. Issues arose, however, when I shifted the site to IIS7 and changed over to SQL authentication on the database.
It seems that streaming a FILESTREAM doesn't work with SQL authentication, only with Windows authentication. Given this, what is the best practice to follow?
Is there a way to force this sort of thing to work under SQL authentication?
Should I add NETWORK SERVICE as a database user and then use Trusted authentication?
Should I create another user, and run both the IIS site and the database connection under this?
Any other suggestions?
Take a look at this article. I don't know a whole lot about FileStreaming and security, but there are a couple of interesting options in the FileStreaming setup such as allowing remote connections and allow remote clients to access FileStreaming