I have a windows form solution which I have to implement to WPF browser application. All the code does is it queries an sql server based on a parameter given in a textbox.
string conString= #"Data Source = SQLserver; Initial Catalog = database; Integrated Security=SSPI;";
using (SqlConnection c = new SqlConnection(conString))
{
c.Open();
using (SqlDataAdapter a = new SqlDataAdapter(
#"SELECT * from datatable where col1 = '" + textBox1.Text + #"'
Order By col2;", c))
{
// fill a data table
a.Fill(source);
}
}
This sql server accepts only integrated windows authentication. So to work I simply runas the winform exe under the required user account.
How can I somehow run that WPF under the same account? Please note that it needs to be hosted on a web server and has to be available for many users.
Related
I have two computers. One is running SQL Server, and I can access the server using SQL authentication from the 2nd PC using SSMS.
I have created a C# Windows Forms application that connects to the database. However, I couldn't access my server from the application.
I disabled the firewall, allowed remote control, and allowed mixed mode authentication. I also forwarded required ports to my IP in my router settings.
I tried both these connecting strings, but they didn't help:
"Persist Security Info = False; User ID = gues; Password=gues;Initial Catalog = CoronaNurse; Server=" + server;
"Data Source=" + server + ";Initial Catalog=CoronaNurse;Integrated Security=false;UID=gues;Password=gues";
(server is a string that have IP of my server)
(gues is a login in my Server)
The weird thing is when I login as gues in SSMS from my 2nd computer I can access the server in the first computer.
The question is, how do I access my server from a computer that doesn't have SSMS or any specific Login?
I need my application to be able to connect to my server without anything else installed, but I can't find where my problem is.
Adding from comments:
Im using the connecting to get a con string from my DB depends on the table i get with my gue.login function SqlDataAdapter
adapter = new SqlDataAdapter("select * from gue.login('" + textBox1.Text.Trim() + "', '" + textBox2.Text.Trim() + "', '" + server + "')", conn);
SqlCommandBuilder cb = new SqlCommandBuilder(adapter);
DataSet ds = new DataSet();
adapter.Fill(ds);
string connection;
connection = ds.Tables[0].Rows[0][0].ToString();
Unless you haven't posted up all of your code, you don't appear to be controlling your SQL connection and I would strongly suggest that you use a parameterised call to protect against SQL injection from using direct text entry field values e.g.:
var dataset = new DataSet();
using (var connection = new SqlConnection(SqlConnectionString))
{
connection.Open();
var command = new SqlCommand("GetAll", connection);
command.CommandType = CommandType.StoredProcedure;
var adapter = new SqlDataAdapter(command);
adapter.Fill(dataset);
...
}
The SQL is wrong, and the connection strings look a little off. You might also need an instance name as part of the server. For example, instead of just localhost or 192.168.0.20, you might need localhost\SQLExpress or 192.168.0.20\..
One way you can find the connection string for sure is to use Visual Studio instead of SSMS to connect to the database. The Visual Studio Database Tools has a similar connection window as SSMS, and you can use it to show you the actual connection string it used.
When you've figured that out, try something more like this:
var connString = $"Server={server};Database=CoronaNurse;User Id=gues;Password=gues";
var sql = "select * from gue.login WHERE username = #username AND pHash = #pHash";
var ds = new DataSet();
using (var conn = new SqlConnection(connString))
using (var cmd = new SqlCommand(sql, conn))
using (var adapter = new SqlDataAdapter(cmd))
{
cmd.Parameters.Add("#username", SqlDbType.NVarChar, 50).Value = textBox1.Text.Trim();
cmd.Parameters.Add("#pHash", SqlDbType.Char, 60).Value = BCrypt.Net.BCrypt.HashPassword(textBox2.Text.Trim());
adapter.Fill(ds);
var connection = ds.Tables[0].Rows[0].Items[0].ToString();
}
Note the use of both parameterized queries and BCrypt (you can add BCrypt via NuGet). There are a few things in database development that are too important to do wrong, even for proof-of-concept and learning projects. One of these is SQL Injection. Another is password handling. What I posted still isn't quite right for password handling (you should instead retrieve the stored hash and use the Verify() method), but it's close enough to set you on the right path.
Someone has told me that I can't access my online SQL Server DB from a client PC that doesn't have a Local DB.
I guess that explains my problem perfectly!
I never knew that, in my case, that is my problem right?
I am working on a windows forms application. My goal is to write code so that when the application is launched, if the windows user is member of atleast the db_datareader sql role then allow him to use the application otherwise exit.
My connection string is as follows:
Data Source = svrname; Initial Catalog = dbname; Integrated Security = true
On the main form load event I am making a sql query using the below code:
SqlCommand com = new SqlCommand("SELECT IS_MEMBER('DB_DATAREADER');", con);
con.open();
var bool1 = Convert.ToBoolean(com.ExecuteScalar());
if(!bool1){
Application.Exit();
}
txtHeader = "Welcome!";
Is there any alternate way of doing this?
So, in the tutorial I was checking, he uses a Database and connect it using this
SqlConnection conn = new SqlConnection(#"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\RANBAH~1\Documents\testlogin.mdf;Integrated Security=True;Connect Timeout=30");
Although, I use SQL Server Management 17, which mean I have a server, So how do i get my SQL Connect Data Source? because afterward he uses it for
SqlDataAdapter sda = new SqlDataAdapter("select count(*) from login where username ='" + textBox1.Text + "' and password='" + textBox2.Text + "'", conn);
Any clue ?
Inside your project, in VS, connect to the server. Once you are on the server explorer, right click on the database to get the connection string. When you check the properties for the database, you should be able to see it.
You cannot get the connection string from SSMS, though you can get all the information for the connection string. Then, you can use those information to create your own connection string using this website: https://www.connectionstrings.com/ Just check which is better suited for you.
I have a database in SQL server 2008 r2 and I want to connect it with my site with the help of visual studio( using .net application)
Now the issue is that I want to create a web service that connects my db with my application but this connection should be language independent like it can be used by any client(not only use by .net client).
initially I have created a web service with the code below:
[WebMethod(Description = "Get all questions from question_options table")]
public DataSet GetLatestCustomers()
{
string str = "Data Source=MUNEEBA-PC;Initial Catalog=quizdb;Integrated Security=True";
using ( SqlConnection connection = new SqlConnection (str))
{
string Query = "SELECT * FROM [question_options] for xml auto ";
SqlCommand command = new SqlCommand(Query, connection);
connection.Open();
XmlReader rdr;
rdr = (XmlReader)command.ExecuteXmlReader();
DataSet ds = new DataSet();
ds.ReadXml(rdr, XmlReadMode.Fragment);
ds.AcceptChanges();
return ds;
but this doesn't seems to be effective.
You can use Entity framework from nuget packages (built in visual studio) , it have default connector for ms sql , but you can also find for mysql & postgre sql. Then expose your services as REST which is language independent.(http://en.wikipedia.org/wiki/Representational_state_transfer )
I'm an newbie who is trying to get learn some web programming. I'm making my site in VS 2012 using C#. I've got a database connected in the App_Data folder, using SQL Server CE 4.0. I'm attempting to connect to it as follows:
SqlCeCommand cmd1 = new SqlCeCommand("SELECT Admin FROM SystemUsers WHERE Email=" + user.Email);
SqlCeDataReader admin = null;
SqlCeConnection conn = new SqlCeConnection();
conn.ConnectionString = "Data Source=MyData.sdf;Persist Security Info=False;";
conn.Open();
admin = cmd1.ExecuteReader();
When I execute this, I get the following error:
An exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll but was not handled in user code
Any thoughts as to what I'm doing wrong? I've been trying to figure this out for hours.
You said that your database is in the APP_Data directory, but your connection string assumes that is in the root directory of your site.
Try with
conn.ConnectionString = #"Data Source|DataDirectory|\MyData.sdf;Persist Security Info=False;";
The |DataDirectory| is a placeholder string that the NET Framework changes to a predefined location where you data files are supposed to stay
And this is how I would change your code
using(SqlCeConnection conn = new SqlCeConnection(#"Data Source|DataDirectory|\MyData.sdf;Persist Security Info=False;"))
using(SqlCeCommand cmd1 = new SqlCeCommand("SELECT Admin FROM SystemUsers WHERE Email=#mail", conn))
{
conn.Open();
cmd1.Parameters.AddWithValue("#mail", user.Email);
SqlCeDataReader admin = cmd1.ExecuteReader();
while(admin.Read())
{
.....
}
}
As you can see, I have made this changes:
Added a using statement around the creation of the connection and of
the command. This will ensure proper closing and disposing of the two
objects.
Added a parameterized query to avoid problems in parsing text strings
and Sql Injections