1

I'm building an application that connects to SQL Server 2005. It currently uses Windows authentication, but I'd like to switch to SQL Authentication (I believe it is also sometimes called Mixed Authentication). My current connection string is:

"Data Source=LOCALHOST;Initial Catalog={0};Integrated Security=SSPI"

That's for Windows authentication, but for SQL, I am thinking:

"Data Source=LOCALHOST;Initial Catalog={0};user id={1};password={2}"

Is this the correct way? The code assumes that:

  • {0} is the name of the database
  • {1} is the username
  • {2} is the password

I'm switching to SQL authentication because I'm thinking of connecting to a SQL Server instance on a remote server - is SQL authentication the right way to do this, and would I just have to enter the IP where "LOCALHOST" is currently?

Thanks!

UPDATE: Thank you for all the great answers, guys! All of them were wonderful and very helpful, I can't even decide which one to award "accepted answer" to, but I have voted up all of them because they rock. Thanks again!

Improve this question
0

5 Answers 5

Reset to default
6

You go in the right way, but I think that looking at Connection Strings may be much more helpfull to you than any answer in here.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Right, that was the website i was looking for! I remembered that there was a great site that has all this info, but couldn't remember what it was called - seeming a very deceptive name!
2

You can also use uid instead of "User Id" and pwd instead of "password":

"Data Source=LOCALHOST;Initial Catalog={0};uid={1};pwd={2}"

In place of LOCALHOST, you would either use the IP of the remote machine, or the DNS Name. Note that if multiple instances of SQL Server exist on the remote machine, you need to specify the instance under Data Source - e.g. "Data Source=11.22.33.44\SQLEXPRESS".

Improve this answer

Comments

2

There is an app for that: SqlConnectionStringBuilder:

SqlConnectionStringBuilder scsb = new SqlConnectionStringBuilder();
scsb.DataSource = "LOCALHOST";
scsb.InitialCatalog = ...;
scsb.IntegratedSecurity = false;
scsb.UserID = ...;
scsb.Password = ...;

SqlConnectionStringBuilder scsb = new SqlConnectionStringBuilder();
scsb.DataSource = "LOCALHOST";
scsb.InitialCatalog = ...;
scsb.IntegratedSecurity = true;

You can then extract the connection string from the builder's ConnectionString property. This way is error proof and you can later modify other properties like ConnectTimeout or AsynchronousProcessing, and you won't have to remember the string syntax.

Improve this answer

2 Comments

This is great, but it does make the process of extracting configuration values into your config file more difficult.
@sfuqua: not realy, since the SCSB construnctor acceps a connection string. When building the SCSB froma config setting conn string, you also validate the format in the process.
1

Yes this will work exactly as you said.

"Data Source=11.22.33.44;Initial Catalog={0};user id={1};password={2}"

Improve this answer

Comments

1

If you do not have a common Active Directory domain between the local and remote server, then I think you will need the SQL authentication. However, if you do have a common ADS domain, then I recommend using it – otherwise you have to either use a common SQL account for everyone (and then use an appropriate mechanism to encrypt the password) or create separate SQL accounts for each user, thereby duplicating data.

Be very careful with that Initial Catalog setting. If that value can be supplied by user input, then it might be used to try to attack another database, if you don't have good validations in place to protect against it. Sorry if I'm preaching to the choir :-).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.