I have an EF model in my DAL project, I want the executing project, the web application, to be the one containing the connection string information.
I also would like being able to store the connectionString separately from the metadata EF requires.
Is this possible from web.config connectionStrings alone, or do I need some sort of code-behind to accomplish this? If that's the case, what would be the code?
The EntityConnection class contains constructor overloads that you can use to pass it a connection string from your web.config. Keep in mind, though, that the connection string that EF wants is not what you would typically store in a connection string in a web.config; it has more than just the SQL Server connection information. But you can use the EntityConnectionStringBuilder class to help you out with that.
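Added example, not part of the answer above: one way to combine a plain connection string from the web application's web.config with the EF metadata kept in the DAL. The entry name "MyDb" and the model name "MyModel" are hypothetical, and the EF6 namespace is assumed.

```csharp
using System;
using System.Configuration;
using System.Data.Entity.Core.EntityClient; // EF6; in EF4 the namespace is System.Data.EntityClient

public static class EntityConnectionFactory
{
    // Hypothetical names: a "MyDb" entry in <connectionStrings> of the executing
    // project's config, and "MyModel" as the embedded .edmx resource name in the DAL.
    public static EntityConnection Create(string name = "MyDb", string model = "MyModel")
    {
        // The web.config entry holds only the ordinary provider connection string.
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("Missing connection string: " + name);

        // The metadata part stays in code, next to the model it describes.
        var builder = new EntityConnectionStringBuilder
        {
            Provider = settings.ProviderName,
            ProviderConnectionString = settings.ConnectionString,
            Metadata = string.Format(
                "res://*/{0}.csdl|res://*/{0}.ssdl|res://*/{0}.msl", model)
        };

        return new EntityConnection(builder.ConnectionString);
    }
}
```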
I have a project that is NOT a website project, so there is no web.config file.
I want to connect to my database. How can I do this when I don't have the web.config file to tell the database name, url, password etc?
By searching I found this: ASP.NET user database without web.config connection strings
But I don't know if this is what I need. I didn't experience from it anyway.
Thanks
Ps. It is a wpf project.
By the following way, you can define connection strings to connect with database without using web.config file.
SqlConnection con = new SqlConnection("Server=localhost\\SQLEXPRESS;Integrated security=SSPI;database=master;");
If it's not a Web application, you should have an app.config that will work the same way.
I have a web application, which will be used by multiple users at different locations,
I have a page where they will be able to select the server and database to begin with.
All server and database structure is same, so no problem with that.
Now I need a way where I can save connection strings somewhere for each client.
As you know, modifying web.config > connection string will affect others accessing it, and I can't use a class (get set).
Any help would be highly appreciated.
You have to save the selected connection key (remember that all the connection strings are in the web.config file) into a cookie so each client could reuse the last selected one.
First off, this is an educational question - not something I am implementing in a production application since I am learning the basics of C#.
Currently I have a solution containing 2 (actually 3, but one is unit testing) projects;
Form
Class Library
Inside the Class Library I have a class called Database.cs and it communicates with a MySQL database. I don't directly communicate with this Database.cs class, but other classes inside the Class Library do (for example Products.cs).
Though, I need credentials to connect to this MySQL database and I am not sure which way to go to do it safely.
Storing it inside the Class Library / hard-coding the credentials inside the class.
This wouldn't make sense to me since a user can easily grab the DLL and he technically got the credentials to the database.
Pass the credentials through the form to a class (like Products.cs) and that class passes it on while initializing the Database object
Could work, tried and it works but I am not sure if this is the 'neatest' way to do it.
Write a static class that contains properties with the credentials
Again, if I create this static class inside the Class Library I am pretty much off the same as my first example. If I would create this static class inside the Form, I require to add a reference to the Form-project from my Class Library (not the way I want it to be).
I tried looking stuff up but I am apparently not doing it right. Is there any other way to do this?
First of all never hard-code credentials into code because credentials tend to change over time so that means you will have to recompile and redeploy your application each time SQL credentials change.
Usually all information needed to connect to database is stored in application configuration file in a form of connection string.
If your application is web application then you're good to go because web.config (a web application configuration file) is stored on a web server and is never served to web requests.
But if your application is windows forms application, then security considerations kick in meaning that any user who uses your app could peek into application configuration file and get credentials. If it would be Microsoft SQL I would advise to use Windows Authentication. But with MySQL I guess you're doomed to store user name and password into connection string. Then I would suggest securing your connection string by encrypting it.
Also if your users can/have to authenticate against MySQL server (enter MySQL username and password), then you could use a connection string template and substitute certain parts of it with user name and password:
app.config
<connectionStrings>
<add name="MyApplication" connectionString="Location=myServerAddress;Data Source=myDataBase;User ID={0};Password={1};Port=3306;Extended Properties=&quot;&quot;;" />
</connectionStrings>
C# code
var username = textboxUsername.Text;
var password = textboxPassword.Text;
var connectionString = string.Format(ConfigurationManager.ConnectionStrings["MyApplication"].ConnectionString, username, password);
// at this point you have a connection string which could be passed to your Products class
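Added example, not part of the answer above: text typed into the username and password boxes can contain `;` and `=`, so splicing it in with string.Format lets the input add or override keys in the connection string. The sketch below puts that approach beside DbConnectionStringBuilder, which quotes each value; the template and the input values are constructed for illustration.

```csharp
using System;
using System.Data.Common;

static class ConnectionStringDemo
{
    // Constructed template: the fixed part of the app.config entry, without the {0}/{1} slots.
    const string Template = "Location=myServerAddress;Data Source=myDataBase;Port=3306";

    // Weak: input is spliced into the text, so a ';' inside it starts a new key=value pair.
    static string BuildWithFormat(string user, string password) =>
        string.Format(Template + ";User ID={0};Password={1}", user, password);

    // Hardened: the builder escapes each value, so input stays inside its own key.
    static string BuildWithBuilder(string user, string password)
    {
        var builder = new DbConnectionStringBuilder { ConnectionString = Template };
        builder["User ID"] = user;
        builder["Password"] = password;
        return builder.ConnectionString;
    }

    // Parses a connection string the way a provider would and returns one key's value.
    static string ReadKey(string connectionString, string key)
    {
        var parsed = new DbConnectionStringBuilder { ConnectionString = connectionString };
        return (string)parsed[key];
    }

    static void Main()
    {
        // Constructed input: a password field that carries an extra key=value pair.
        string user = "alice";
        string password = "pw;Data Source=otherDataBase";

        // Compare which database each variant would actually connect to.
        Console.WriteLine("string.Format: Data Source = " +
            ReadKey(BuildWithFormat(user, password), "Data Source"));
        Console.WriteLine("builder:       Data Source = " +
            ReadKey(BuildWithBuilder(user, password), "Data Source"));
    }
}
```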
Do not hardcode your credentials as that may prove to cause issues, firstly if you need to change your login credentials to the database at a later stage then you will have to recompile your class library, secondly as you mention the security will be compromised.
It is a good technique to leave the connection information to the main application instead of storing them in your data layer. Refactor your data layer to accept the connection string during runtime, this value needs to be passed by the main application to the data access layer.
This way you get 2 advantages:
When you deploy your application, the deployed location can have a different connection credential than your development environment
You can encrypt connection strings in your configuration file so as to increase security
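Added example, not part of the answers above: both answers suggest encrypting the connection string in the configuration file, and this is one way to do it for an app.config using the protected configuration API in System.Configuration. The class and method names are hypothetical.

```csharp
using System.Configuration;

public static class ConnectionStringProtector
{
    // Encrypts the <connectionStrings> section of the running executable's
    // .config file in place. Returns false when there was nothing to do.
    public static bool ProtectConnectionStrings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsProtected)
            return false;

        // "DataProtectionConfigurationProvider" is the built-in DPAPI provider.
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);

        // Drop the cached plain-text copy so later reads come from the saved file.
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }
}
```

ConfigurationManager.ConnectionStrings decrypts the section transparently, so the calling code does not change. DPAPI ties the ciphertext to the machine, which keeps the credentials out of a copied config file, but code running on that machine under the application's identity can still read them.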
In my web.config file I have two SQL Server connection strings, one for local and one for live:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="[removed]" providerName="System.Data.SqlClient"/>
<add name="LiveSqlServer" connectionString="[removed]" providerName="System.Data.SqlClient"/>
</connectionStrings>
I then have a "utils" singleton class which basically sets the connection string depending if I'm running the site on "localhost" or on my live server:
if (Environment.MachineName.ToUpper() == MyOwnConfig.GetAppSettingsValue(ConfigKeys.localhost).ToUpper()) {
this.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["LocalSqlServer"].ToString();
//MembershipProvider provider = Membership.Providers["LocalAspNetMemberSqlProvider"];
//RoleProvider role = Roles.Providers["LocalAspNetMemberSqlProvider"];
}
else {
this.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["LiveSqlServer"].ToString();
//MembershipProvider provider = Membership.Providers["LiveAspNetMemberSqlProvider"];
//RoleProvider role = Roles.Providers["LiveAspNetMemberSqlProvider"];
}
My Database class then simply uses the connectionString property of my utils class. All this works fine so when I place the site locally I can then simply upload it to live without making changes to the connection strings etc in the config file and it starts using my live database.
Now I'm currently implementing "membership" into my site and for ajax for use some webmethods I'm storing the providerUserKey in a text field of the current logged in user. my web method then checks that this key is authenticated. e.g.
ajaxCreds.ajaxID1 = ((MembershipUser)Membership.GetUser()).ProviderUserKey.ToString();
QUESTION:
the question I have is How do I know if this membership is from the LIVE database or my LOCAL database. As you can see from the web config I've added in the membership/provider lines (commented out) but I don't know how to use them with the above membership.getUser() command.
Alternative... Is this a good way to go? or is it simpler to edit the web.config file when I upload to live?
Many thanks
Most people don't do it this way, though I applaud you for figuring all this out. Typically, people use the deployment manager or some other build system to have a different web.config value on the server versus local.
Here is a link on changing in deployment: How do I use Web.Config transform on my connection strings?
I would suggest you to read this article:
http://blogs.msdn.com/b/schlepticons/archive/2010/07/22/modifying-asp-net-providers-at-runtime.aspx
It will show you, that also others were trying to do the similar. And this is how to succeed. Solution (if adjusted) could be similar to your needs.
put all the providers into your web.config
On App_Start adjust which will be the default (based on the Environment)
Membership API will be available as you need for Provider Key
No need to search for Provider by Name
NOTE: you have to tweak the void Application_Start(object sender, EventArgs e) implementation but the idea is there
NOTE2: What you are trying to do is definitely not exception. Configuration based on environment is pretty smart! What must be achieved is standard API usage, e.g. calls via Manager pattern
System.Web.Security.Membership
System.Web.Security.Roles
and not calls to the providers by name.
1) By default configuration elements have their connectionStringName attribute set to LocalSqlServer, and as far as I know, this attribute refers to connection defined in the element in machine.config file.
a) I assume this connection string refers to database aspnetdb.mdf?!
b) I understand aspnetdb.mdf is used in cases where we don’t manually create membership or profile database ( by calling aspnet_regsql ), but I still don’t understand the purpose of configuration elements having connectionStringName attribute set to LocalSqlServer set? Namely, when and why would they need to access this database?
c) What happens if we manually set membership database via aspnet_regsql and thus don’t use aspnetdb.mdf? How will configuration elements know that we’re not using aspnetdb.mdf and thus instead try to access database we created?
2) If we wanted LocalSqlServer entry from machine.config to point to some other database file, we could do the following:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" ... />
</connectionStrings>
I understand that the purpose of <remove> element is to cancel any previously declared elements with same name, but in above example we simply changed the attribute of already existing connection, and as such machine.config doesn’t have two connections with same name, so why did we have to include <remove> element?
thanx
From the connectionStrings element article on MSDN:
Connection strings that are contained in a parent configuration file are inherited, unless the clear element is used in the child configuration file.
The following default connectionStrings element is configured in the Machine.config file.
<connectionStrings>
<add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
</connectionStrings>
So if that section of the config file is not modified, it automatically has that connection string.
The convention used is one of many that could have been chosen to accomplish the same task, but the people who were on the ASP.NET team at MS at the time are really the only ones who can say "why" that set of conventions was used. My understanding is that the purpose of the current configuration is to make it as easy as possible for a beginner to get started. i.e. run some wizards, automatically generate database with preconfigured settings, drag-n-drop a few security controls and they have something to work with. Since this was designed for beginners, more experienced developers run into the same set of questions that you're having now because digging into how the pieces fit together isn't simple.
One of the things you'll notice in machine.config is that all of the providers (Membership, Roles, Profile, etc) use this LocalSqlServer connection string name, which again supports the beginner scenario. Therefore, to use your own database, you need to remove the default definition of LocalSqlServer and define your own. There isn't a replace element in the config file definition, so you have to use the remove/add sequence, which is the logical equivalent. By changing the connection string and leaving its name as LocalSqlServer, all of the providers in machine.config get pointed at your DB. This gives you the default provider definitions in for your database.
Now, if you wanted to customize the provider definitions, you could add them to your own Web.config and change their settings. At that point, you could leave LocalSqlServer as the connection string for the custom provider definitions or you could create your own connection string and then point your custom provider definitions at your own connection string and you won't need to worry about LocalSqlServer anymore. If you remove LocalSqlServer from your web.config, you'll need to add custom provider definitions to your own web.config that reference your database string.
Hope this helps,
Joe