I'm developing a program using Entity Framework with WPF and using SQL credentials on the database.
When deploying the program it produces the program.exe.config file which contains the connection string. Any user can open it and see the credentials data (SQL username & password). I searched to figure out a way to hide or encrypt them but found nothing useful in my case. I found that the entity is using a base variable to get the connection from the app.config, but when I tried, in many ways, to pass the connection string directly in the right way, I faced a problem about the provider in the connection string.
[Solved]
I left the connection in app.config but with fake data for the username and password.
Then I created a setting to store the connection string, and when instantiating the DB entity I change the connection property to the one stored in the settings. So I guess that your connection is safe now.
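For the deployed program.exe.config described in this question, .NET Framework's protected configuration can encrypt the connectionStrings section in place, and ConfigurationManager (and therefore Entity Framework) decrypts it transparently on read. This is an added example, not code from the original posts; the class and method names are illustrative.

```csharp
using System;
using System.Configuration; // requires a reference to System.Configuration.dll

public static class ConfigProtector
{
    // Illustrative helper (not from the original posts).
    // Returns true if the section was encrypted by this call.
    public static bool ProtectConnectionStrings()
    {
        // Opens <program>.exe.config next to the running executable.
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsProtected)
            return false; // nothing to do, or already encrypted

        // Built-in DPAPI-backed provider; the XML is rewritten as <EncryptedData>.
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }

    public static void Main()
    {
        bool changed = ProtectConnectionStrings();
        Console.WriteLine(changed
            ? "connectionStrings section encrypted."
            : "connectionStrings section missing or already encrypted.");

        // Reads go through the usual API and are decrypted transparently.
        foreach (ConnectionStringSettings cs in ConfigurationManager.ConnectionStrings)
            Console.WriteLine(cs.Name); // print names only, never the string itself
    }
}
```

DataProtectionConfigurationProvider uses machine-scoped DPAPI by default, so the call has to run on the target machine with write access to the config file. It stops the file being read in an editor or copied to another machine, but code running on that machine can still decrypt it.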
Related
Seems there is no good way to encrypt the database connection string for an Azure website (not cloud service); I already viewed the solution here
But I can't store the database-first Entity Framework connection string in the Azure website settings, which gives the error below. Does anyone know how to make the database connection string secure in an Azure website using database-first Entity Framework?
System.Data.Entity.Infrastructure.UnintentionalCodeFirstException: The context is being used in Code First mode with code that was generated from an EDMX file for either Database First or Model First development. This will not work correctly. To fix this problem do not remove the line of code that throws this exception. If you wish to use Database First or Model First, then make sure that the Entity Framework connection string is included in the app.config or web.config of the start-up project. If you are creating your own DbConnection, then make sure that it is an EntityConnection and not some other type of DbConnection, and that you pass it to one of the base DbContext constructors that take a DbConnection. To learn more about Code First, Database First, and Model First see the Entity Framework documentation here: http://go.microsoft.com/fwlink/?LinkId=394715
You don't have to include the connection string in the web.config for your site. You can manage the connection string in your Azure account at:
App Services>[your_app_name]>Settings>Application settings
Under Connection strings section, you can set the key/value pair which is the connection name and the db connection string.
After you set those values, in the screen, the connection string will be hidden for display.
I am writing a LINQPad script for migrating data into a DB from an Excel file. Once the data has been imported it needs to be synchronized between multiple DBs. This has been done in a DLL as the functionality is used elsewhere.
My issue is that when passing a connection string to my DLL from LINQPad I get the message Login failed for user 'xxxxxxx'. As far as I can tell it is because the password for the SQL authentication is not passed in the connection string. Is there any way to make LINQPad include the password in the connection string:
SyncController syncController = new SyncController(this.Connection.ConnectionString);
syncController.SyncAll();
If it is at all possible I want to avoid forcing the person who will be running this to update a password variable when running this. Thanks.
You're right: the password will disappear from the connection string after the connection is opened. This is a feature of the .NET Framework, and is not specific to LINQPad.
There are two workarounds. First, you can capture the connection string as the first line in your LINQPad script, before querying any data:
string cxString = this.Connection.ConnectionString;
The other workaround is to add the following text to your connection string:
Persist Security Info=true
To do this in LINQPad, right-click the connection and choose Properties. Click Advanced, and enter the additional connection string text into the box provided.
After I deployed my mobile service to Azure, calls to the service fail because of this error:
No connection string named 'ApplicationEntities' could be found in the application config file.
The error only occurs on Azure side. When I test the service locally, the connection to the remote database works without a problem.
I separated my solution into several projects:
Web Api
Business Logic
Data Access (contains the DbContext, database first)
Common (contains the entities generated by EF)
As I always do, I copied the connection string generated in my app.config of the DataAccess Assembly into the connectionStrings-Element of my web.config (Web Api project).
<connectionStrings>
<add name="ApplicationEntities" connectionString="<the connection string>" providerName="System.Data.EntityClient" />
</connectionStrings>
In the web deploy settings, I selected the connection string for "ApplicationEntities". I tested it with and without the option "Use this connection string at runtime (update destination web.config)". I always get the same error.
Then I got curious and logged the connection strings available via the ConfigurationManager with something like this:
// Note: this writes every full connection string, including any password, to the trace log.
StringBuilder sb = new StringBuilder();
for (int i = 0; i < ConfigurationManager.ConnectionStrings.Count; i++)
{
    sb.AppendLine(ConfigurationManager.ConnectionStrings[i].ConnectionString);
}
trace.Info(sb.ToString());
I got two connection strings:
data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true
Data Source=theserver.database.windows.net;Initial Catalog=thedb_db;User ID=theuser;Password=thepassword;Asynchronous Processing=True;TrustServerCertificate=False;
The username and password are strangely different from the username and password stated in the management portal.
Also the EF metadata information gets lost.
I get these connection strings when testing locally:
data source=.\\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true
metadata=res://*/DataContext.ApplicationEntities.csdl|res://*/DataContext.ApplicationEntities.ssdl|res://*/DataContext.ApplicationEntities.msl;provider=System.Data.SqlClient;provider connection string=\"data source=theserveraddress,1433;initial catalog=thedb_db;persist security info=True;user id=theusername;password=thepassword;MultipleActiveResultSets=True;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;App=EntityFramework\"
I expect to get the same connection strings when running on Azure. Any idea what's going wrong?
Update:
I just went for remote debugging the service (see here). When I opened the downloaded publish profile in my text editor, I discovered that there is an attribute SQLServerDBConnectionString, containing the connection string that always gets forced when deployed, with the same username and password that I was not aware existed.
I tried to overwrite this connection string but it did not help. That connection remains the active one.
Update 2 / May 29th 2014:
Seems that in the meantime the error has been fixed by the Azure mobile team. Still running the same code using the database first approach and it's working now. Thanks a lot!
I have myself tried using the DB first approach with .NET backend mobile services and ran into the same sort of problems as you. Digging around further, the following is my observation:
The Azure mobile service with .NET backend must use the code first approach only. This generates a specialised connection string with metadata (starting with res:)
The name of the connection string has to be the same as it is when you download the default sample todo app, i.e. Ms_TableConnectionString.
There is an option in Azure websites to select a custom SQL provider to help make a custom connection string; this option, however, is not available for .NET backend mobile services in the Azure Management portal.
P.S. Posting as an answer because I don't have enough points to comment.
Just wanted to give an update that I have been looking at this for some time and think I for the first time see it too. I don't know what is going on but wanted to let you know that we are indeed looking at it.
Henrik
(I don't have enough points to comment so having to do this as an answer)
Henrik, I have this same problem. If I ftp on to the box I can see that the web.config has the correct connection string but it fails as trying to use the username in the SQLServerDBConnectionString property (OoWUqr****Login). Is it possible you could let me know in what order it is looking for connection strings and where?
And if it can't stop it using the other user is there a way I can permission them for the correct database through mobile services?
Thanks
F
I have made an EntityFramework model based on my Demo Database.
I want to include connection strings for Staging and production and then in my Console App prompt the user to see which database they want to perform the operation on.
When I was prompted to setup the EF.edmx file I just chose to store the connection string in the app.config file. I have seen a link to change the Connection string of EntityFramework Context when initializing it here
However when I store another connection to my Staging Database, I get an error "Keyword not supported: 'metadata'"
So I stripped down the connection string not to include the EntityFramework type of parameters such as metadata=res://*/MyDBItems.csdl|res://*/MyDBItems.ssdl blah blah
and used a very simple database connection string
data source=myDB;initial catalog=myDB;user id=myUser;password=myPass;MultipleActiveResultSets=True;
Now my Context does instantiate but when I get to a query I get another error about:
Code generated using the T4 templates for Database First and Model First development may not work correctly if used in Code First mode. To continue using Database First or Model First ensure that the Entity Framework connection string is specified in the config file of executing application. To use these classes, that were generated from Database First or Model First, with Code First add any additional configuration using attributes or the DbModelBuilder API and then remove the code that throws this exception.
How can I switch between different databases with Entity Framework 5? Thanks!
Forget it, I got it. What I did: I made a 2nd constructor in the Context.cs file
public MyContext(string dbModel) : base("name="+dbModel) {
}
Then in my app.config I have the various settings for the Demo, Staging & Production database connections. This took the full Entity Framework connection string. I think the link I provided was for Code-First but I am using Database First.
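Both errors quoted above ("Keyword not supported: 'metadata'" and the Code First exception) come from giving a database-first context the wrong kind of connection string: the SQL provider rejects EF metadata, and the generated context rejects a plain provider string. The following added example (not code from the original posts) wraps a plain provider connection string, which can then live outside the config file, in an EntityConnection at run time. It assumes EF 5 namespaces, the model resource name MyDBItems from the question with an assumed matching .msl resource, and a hypothetical environment variable name.

```csharp
using System;
using System.Data.Entity;        // DbContext
using System.Data.EntityClient;  // EF 5; on EF 6 use System.Data.Entity.Core.EntityClient
using System.Data.SqlClient;

public static class EntityConnectionFactory
{
    // modelName is the EDMX name, e.g. "MyDBItems" (resource names are an assumption).
    public static EntityConnection Create(string modelName, string providerConnectionString)
    {
        // Parsing validates the string: an EF-style string passed here by mistake
        // fails with "Keyword not supported: 'metadata'".
        var sql = new SqlConnectionStringBuilder(providerConnectionString)
        {
            PersistSecurityInfo = false, // do not keep the password readable after Open()
            MultipleActiveResultSets = true
        };

        var ef = new EntityConnectionStringBuilder
        {
            Provider = "System.Data.SqlClient",
            ProviderConnectionString = sql.ConnectionString,
            Metadata = string.Format(
                "res://*/{0}.csdl|res://*/{0}.ssdl|res://*/{0}.msl", modelName)
        };
        return new EntityConnection(ef.ConnectionString);
    }
}

// Extra constructor on the generated partial context class.
public partial class MyContext : DbContext
{
    public MyContext(EntityConnection connection)
        : base(connection, true) // true: the context disposes the connection
    {
    }
}

public static class Demo
{
    public static MyContext OpenStaging()
    {
        // Hypothetical variable name; the secret comes from the environment,
        // not from app.config.
        string cs = Environment.GetEnvironmentVariable("APP_DB_STAGING");
        if (string.IsNullOrEmpty(cs))
            throw new InvalidOperationException("APP_DB_STAGING is not set.");
        return new MyContext(EntityConnectionFactory.Create("MyDBItems", cs));
    }
}
```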
How can I manage the connection string of an ADO.NET Object model dynamically?
I have connected my application to the database using Entity Framework and the connection string is automatically added to app.config. How can I get a list of available servers and change the connection string based on that at run time?
Just because VS adds the connection string to app.config by default it doesn't mean that is a good idea and if you do keep the connection string there you cannot change it at run time.
One solution is to keep an encrypted connection string in your settings and that will allow you to dynamically change it at run time by simply calling:
Settings.Default.Save();
and
Settings.Default.Reload();
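The answer above does not show how the setting gets encrypted. One way, given here as an added example that is not from the original posts, is to protect the value with Windows DPAPI before it is written to the settings file. The setting name DbConnection, the entropy value and the sample connection string are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData: reference System.Security.dll
using System.Text;

public static class ProtectedSetting
{
    // Constructed, app-specific entropy; it is not a secret, it only keeps
    // other applications' DPAPI blobs from being interchangeable with ours.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("example-app-connection-string");

    // Returns a Base64 blob that only the current Windows user can decrypt.
    public static string Protect(string plainText)
    {
        byte[] data = Encoding.UTF8.GetBytes(plainText);
        byte[] blob = ProtectedData.Protect(data, Entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(blob);
    }

    // Throws CryptographicException if the blob was created by another user
    // or machine, or has been modified.
    public static string Unprotect(string stored)
    {
        byte[] blob = Convert.FromBase64String(stored);
        byte[] data = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(data);
    }

    public static void Main()
    {
        // Constructed sample value.
        string cs = "Data Source=myServer;Initial Catalog=myDB;User ID=myUser;Password=myPass;";

        string stored = Protect(cs);
        // With a string user setting named DbConnection (hypothetical):
        //   Settings.Default.DbConnection = stored;
        //   Settings.Default.Save();
        //   ...
        //   Settings.Default.Reload();
        //   string live = Unprotect(Settings.Default.DbConnection);

        Console.WriteLine("Stored form is plain text: {0}", stored.Contains("myPass"));
        Console.WriteLine("Round trip matches: {0}", Unprotect(stored) == cs);
    }
}
```

CurrentUser scope protects the stored value from other accounts and from a copied settings file; the Windows user who runs the application can still recover it.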