Test transition from Windows Authentication to SQL Server authentication - c#

I have a Windows Forms application which connects to an SQL Server 2008 R2 database using variously SMO, databinding, and ODBC connections.
Currently it uses entirely Windows authentication, but a client has requested that we also allow SQL Server logins.
Given the only Windows login I have, and can have, is my own, what can I do to test whether my code is actually using the SQL Server login and not simply connecting using my own Windows login?
Alternatively, what can I do to refine this question so it makes sense?
Thanks

Your question is too general but here are some steps you should take.
Create a new SQL login and only give the necessary permissions to this user.
Update all connection strings in your application. If these are not consolidated in one config file, now is a good time to do this. You can even consider creating a separate class that will handle this.
Add a login form to your app that will be shown at application startup so that the user can enter credentials.
The best way to test this is to simply disable your Windows user in SQL Server and see if the application is still running.
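A complementary check to the steps in the answer above, added here as an example and not part of the original posts: ask the server which login the session actually authenticated as, and reject connection strings that would fall back to Windows authentication. The class and method names (`SqlLoginCheck`, `UsesWindowsAuth`, `AssertSqlLogin`) are hypothetical; it assumes the login can see its own row in `sys.server_principals`.

```csharp
using System;
using System.Data;
using System.Data.Odbc;
using System.Data.SqlClient;

// Added example; SqlLoginCheck and its members are hypothetical helper names.
static class SqlLoginCheck
{
    // True if the connection string requests Windows authentication.
    // SqlClient ignores User ID/Password when Integrated Security is true,
    // so a leftover setting silently connects as the Windows user.
    public static bool UsesWindowsAuth(string connectionString, bool isOdbc)
    {
        if (!isOdbc)
            return new SqlConnectionStringBuilder(connectionString).IntegratedSecurity;

        var odbc = new OdbcConnectionStringBuilder(connectionString);
        object value;
        return odbc.TryGetValue("Trusted_Connection", out value)
            && string.Equals(Convert.ToString(value), "yes",
                             StringComparison.OrdinalIgnoreCase);
    }

    // Ask the server who this session logged in as. Works for SqlConnection
    // and OdbcConnection alike, since both implement IDbConnection.
    public static void AssertSqlLogin(IDbConnection openConnection, string expectedLogin)
    {
        using (IDbCommand cmd = openConnection.CreateCommand())
        {
            cmd.CommandText =
                "SELECT ORIGINAL_LOGIN(), " +
                "(SELECT type FROM sys.server_principals WHERE name = ORIGINAL_LOGIN())";
            using (IDataReader r = cmd.ExecuteReader())
            {
                r.Read();
                string login = r.GetString(0);
                // 'S' = SQL login, 'U' = Windows login, 'G' = Windows group.
                // NULL means no matching principal (e.g. access via a group).
                string type = r.IsDBNull(1) ? "" : r.GetString(1).Trim();
                if (type != "S" ||
                    !string.Equals(login, expectedLogin, StringComparison.OrdinalIgnoreCase))
                    throw new InvalidOperationException(
                        "Session authenticated as '" + login + "' (type '" + type +
                        "'), expected SQL login '" + expectedLogin + "'.");
            }
        }
    }
}
```

For the SMO connections, the equivalent setting is `ServerConnection.LoginSecure = false` together with `Login` and `Password`; the same query can then be run through that connection.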

Related

Entity Framework SQL Connection issues with Integrated Security

On one side I have a Windows service that uses Entity Framework to connect to a SQL Server instance and work with a database there.
On the other side I have a WIX based installer which has a bootstrapper .NET based GUI in which the user can enter connection details to be used in the connection string by the service. In this installer GUI I am also performing a check on the user provided data and check the database connection (using SqlConnection.Open() and even creating/dropping a database).
The issue appears in a workgroup environment, no domain controller present, and when the user chooses Integrated Security as an option. The bootstrapper application successfully connects to the SQL server and performs some operations with it, but then the Windows service fails to connect to the SQL server using Integrated Security. If I follow up by changing that to user and password authentication, the service works correctly.
Is there any way to have the bootstrapper fail connection if the service would fail, or the other way around?
Thanks.
The most likely cause is the user the service is running under and the user the installer is running under are different.
If the user running the installer has access to SQL Server through Windows authentication, the connection would succeed. Then if the service runs under a different account (say, LocalSystem), the user the service is running under does not have permissions to use integrated security.
The way around this is to use a service account which has permissions on the server, or use SQL Authentication.
I ran into this recently when deploying a service. The only way to fail the bootstrapper connection would be to run it as the account the service will run under (impersonation is one way to accomplish this) otherwise there is no way you can test the connection correctly.
Since you mention workgroups and no domain controller, there may be some pass-through going on with the user names and passwords. At one place I worked, on one of the SQL boxes (off the domain) each developer had a local Windows account with the same password as their domain account. This allowed pass-through authentication (due to the usernames and passwords matching) and access to SQL Server. That may be what is going on.

Simple security for SQL Server LocalDB for local Windows application

A simple C# Windows Forms application that uses a local SQL Server LocalDB (.mdf).
I want the end user to install the SQL LocalDB and application and run it in that simple, but also want the DB to be secured with a password (Like the one that is used on SQL Compact (sdf)).
I couldn't find that option in (mdf DBs) without creating a login in the server that should be identical to the one in the connection string! Which is not user friendly!
Need help! thanks :)

Reaching a file in a server through C# application

I wrote an application in C# & SQLite for storing data of all employees in a company which has around 500 employees. I want to put the database & the application in a file server/shared folder (MS server). Then all employees will have a shortcut to the application on their desktops. I want to make some input fields (text box) enabled/disabled based on the permission of the user who runs the application. What's the best practice for doing that?
I want the user to be able to read/write in the database through my application only (the application is located in the same database folder). I don't want the user to reach the database without my application. How to do that?
I don't want the user to reach the database without my application
If your application will directly access the SQLite database via a Windows file share, this is impossible. Sure, you can make it inconvenient, but it's not really possible.
The only way to achieve this really is by introducing some middleware.
This would typically be a service (WCF perhaps) that listens for connections from your client application, authenticates them, and manages all access to the underlying database. The database would be stored in a location that is visible to the server only, and not visible through a Windows share to your users.
Also, SQLite isn't exactly a great choice for a multi-user system. You can kill two birds with one stone here - switch to a DBMS (MS SQL Server Express is free, also MySQL, PostgreSQL are common free choices) that accepts client connections over a network, and build your application to connect directly to the database server (using integrated Windows authentication may also be possible like this, so you can avoid an explicit logon). In a simple scenario this may be adequate and avoid you needing to build an explicit service layer.
In a more complex scenario, it can still make sense to have a middleware layer between the application and the database - this way, you can change the database design without changing the application design and deploying to all of your client machines - instead, just change the middleware layer in one place and your application won't know the difference.
If you don't want the users to reach your database you should create a client server architecture.
You can run your service on the same machine as the file server (running as a Windows Service) and use WCF for communication between your server and your client. You access your database from your server and let your server authenticate your users and validate that they have access to the application.
You can cheat and try to "hide" database credentials inside your client application, but that is security by obscurity, and anyone with some programming skills or similar can find out the credentials to the database and connect directly to the database.

How to connect to SQL Server database using windows authentication remotely?

I have a simple question: I was granted access to a SQL Server database using Windows authentication on my local machine, and I need to know how to use this access on a hosting server as well.
For example I am in the middle of writing some C# code that pulls data from this database, I can run this code on my local machine with my windows authentication no problem, but I can't run it on expected hosting server because that server obviously can't connect to that database.
I was just wondering how can I use windows authentication access remotely?
Thanks
Windows authentication must be enabled on the remote server to do this. This can be enabled in server properties > Security and by selecting the "SQL Server and Windows Authentication" radio button. Providing your Windows credentials are added to the server, you should then be able to log in.
In SSMS, right-click the database name, select Properties and select Security from the left-hand menu, and there you should see the "SQL Server and Windows Authentication" option.
Obviously if your database is not on the same domain then this might not work.

From simple desktop application to client server application

I have developed a simple desktop application with a SQL Server database for a single PC, and now the client wants to make it work on multiple PCs. I want to know what is better: for the moment I have remote the database from sql management and all applications just connect to it. Is this a good idea, or do I have to do some modification to improve the execution of the application?
The database has a lot of information to be imported to the application.
I don’t have a good idea about WCF but would it help to read about it?
You could have a dedicated server with the database hosted on it, and all the client applications could connect to it. But one thing you have to take care of is transaction management, that is, while a user is updating some piece of information, no other user could change that piece of data to make that data inconsistent. You could have a look at this post describing SQL Server transactions.
Depending on the requirements I'd recommend keeping the local database as cache for speedy application start and implement a synchronisation process where the local and remote databases are compared from time to time or triggered manually by the user.
This would be very similar to how, for example, IMAP email clients or Evernote work.
