I'm trying to make a login app.
I would like to know how the connectionString on app.config is made for an online connection and if I would need anything else to reach the database, being as I'm trying to go directly to the user table on that database and perform a check for the login (as I already made it happen with a local database)
Best Regards
Your online database, does that mean a database at a remote location?
I would advise against going directly to a remote database unless that database server is protected in a LAN environment with no outside public access. Public access would also be considered if users inside the LAN also have unregulated access to the remote server. In any thick click based application the typical architecture would be to go through a proxy source or set of WebServices to authorize and authenticate users. Direct access opens your SQL server up to remote attacks.
That being said the connection string to an SQL server (remotely) could be:
Standard User\Pass
Server=myRemoteServer;Database=myDataBase;User Id=myUsername;
Password=myPassword;
Now chances are there are firewalls between the remote database and your client APP protecting remote logins (as there should) and it is a good possiblity that SQL server has disabled remote logins. Read here for more http://blogs.msdn.com/b/walzenbach/archive/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008.aspx
I must point out again that this is a very bad idea and I would personally create a set of WCF WebServices to run on the server with the database. The WCF services would be responsible for connecting to the database to verify the credentials and return a structured datamodel.
WPF Applications are designed to work really well with the Async methods of WCF services and are very simple to setup. Using this model you can also setup more advanced layers of authentication using hashed token sets, implement SSL to block sniffing out the plain text, and keep your database protected from external access.
There are alot of examples on the web to connect to WCF services from a WPF application.
Related
What are cons and pros of web service vs direct client-sql server communication?
From my understanding:
Pros:
If web service is installed on same computer as remote db then there is no need to open sql server port so that client can access to remote db. If web service is on another computer then port needs to be open for web service to access remote db.
If someone manages to get a hold of user:pass he only can do operations on db that web service exposes, not all operations on entire db.
Cons:
More work for programmer
Slower
The main difference is that if you go with a Web Service/Rest Api you are centralizing the Business Layer where if there is a bug or a change you can control it very easily with no need of client upgrades.
I will only recommend you to go with direct db access only if you have a small number of clients, over a local network with too few updates to the business logic (aka simple app).
We have the following set up:
Windows Mobile Device with GPRS connection
Windows Server PC with SQL Server 2012
VPN Network where both devices contained (the cell carrier routes certain IPs inside VPN)
Status:
With the above set up I can ping directly from the mobile device to Windows server internal IP via GPRS.
Question:
Can I create connection to SQL server from my Mobile using the server's internal IP?
My con string is:
"Data Source =xxxxxxxx,1433;Initial Catalog=xxxxx;Integrated Security=SSPI;User id=xxxxx;Password=xxxxx;Connect Timeout=15"
EDIT:
More Questions:
How can I implement it if yes
What are the pros and cons in accordance to David's comment
If you have a VPN and can ping the internal server then you can connect directly to SQL Server using the normal data access libraries available in the .Net Framework. Having said that, I would strongly advise against it. It's much preferable to have a middle tier service that interfaces between the mobile device and the database. Here are some reasons (off the top of my head) why this is better:
Mobile connections are inherently unstable and SQL connections are not great at handling that.
Having a service means you don't even need a VPN as it can be public facing (with relevant security of course).
If in future you decide to move form SQL Server to DocumentDB/Azure/carrier pigeon, then you need to update every single mobile device to cope with the change. If you have an intermediate server, you can just update that.
If database schema changes, you may break all of your client applications in one go.
Your middle tier can do other useful things like caching, logging etc.
SqlServerDBConnection.SqlServerDBConnection objDB = new SqlServerDBConnection.SqlServerDBConnection();
string s = SqlServerDBConnection.SqlServerDBConnection.ConnStr;
bool isDBCreated = objDB.CheckAndCreateDatabase(txtSrvName.Text.ToString(), txtUid.Text.ToString(), txtPwd.Text.ToString(), txtDB.Text.ToString());
Above is the code which is being used to connect , create database using script.
Above code runs awesome on local but when I deployed on client side it shows
"Failed to connect to server".
SqlConnection is working fine.
Sql server is connecting database to server.
Is there any code issue or security issue?
I'm not sure there's enough information in the question to resolve the issue but some ideas:
Check if firewall is allowing connections on TCP 1433.
To test it you can simply telnet the server from outside the network to simulate your client's conneciton:
telnet {SERVER_IP} 1433
If you can't connect, check out this document: Configure the Windows Firewall to Allow SQL Server Access
Make sure SQL Server is set to accept remote connections
In SSMS, right click on the server name and select Properties. In Connections section make sure "Allow remote connections to this server" is checked.
Having that said, I wouldn't recommend connecting to database directly from the client site. A better approach would be putting a web API in front of the database and let the API handle database operations. Since the data will be transmitted over HTTP/HTTPS firewall configurations and network access wouldn't be an issue. But it's just a long-term solution obviously.
Hope this helps a bit.
Hosting services commonly provide support for webapps (say ASP.net, Rails or Django) and a few databases (e.g. SQLServer, MySQL).
I prefer C# WinForms for most of my own apps (speed of graphics updates eg.), but I'd like to have a webbased DB behind it so I can access it from multiple locations.
Is there a reason that I couldn't use such a web-provider just for my databases, i.e. not serve a dynamic webpage but just answer my sql queries?
Existing posts that appear to answer similar questions exist, but I would like to obtain more clarity.
E.g. does the webserver provide additional security that is otherwise hard to obtain?
Does the 'correct' answer include the keyword WCF? Do I need the hosting service to support WCF explicitly?
There is no technical limitation in accomplishing what you are asking, but most of the hosting providers (shared hosting mainly) restrict access to their database to be within their internal network. If you can find a hosting provider who provides you the option to connect from external network you are good to go.
One thing you want to keep in mind when you are distributing your winforms client is that the connection string can be extracted by the end user if he is a smart enough person. It would be prudent to encrypt the connection string in the configuration file and also use encryption for the connection it is making to the database (SslMode=Required in the connection string).
When you are using WCF, it helps you to implement an additional layer of abstraction and protection. You can use your own membership to authenticate the user who can have access to the WCF services and not worry about connecting from the client to the database directly.
All being considered, going with a WCF or any other web service layer instead of directly connecting to the database from the client would be better approach.
I have an application developed in C# for desktop which will access MySql Database in an online server. Since it is a shared database the client IP can't access the Database directly so i need to implement a proxy server which can accept the request from the client and after processing the business logic by using the Database it will return the result back to the client. The proxy will be acting as an intermediator. I haven't been able to think of a way to implement the proxy server to handle the request. Leaving the Proxy aside the other things are in place and running fine. Any other alternative is most welcome!!!!
Wouldn't it be better if your application just makes a HTTP-request to a page on your server, and the page itself executes the query and returns the result as json, xml, csv or whathaveyou? This way you avoid problems with users behind a firewall who can only use port 80, and it's easier for you to filter out malicious queries in your script before they reach the database.