SIGN UP MEMBER LOGIN:    
ARTICLE

Connection String Placement in ASP.Net

Posted by Abhimanyu Kumar Vatsa Articles | ASP.NET Programming July 15, 2010
Tags: Connection String Placement in ASP.Net, ASP.Net , Connection String, web pages
This Article will explain you about placing the connection string in web pages.
Reader Level:

HTML clipboard

Introduction and Demonstration

Connection strings are typically stored in web.config, and usually meant the appSettings section. Here is a example of connectin string which exist in config file.

<connectionStrings>
<add name="AppServiceName"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
 </connectionStrings>

Although the providerName attribute isn't compulsory, connection strings won't appear in the Configure Data Source dialogs without a provider name being set.

Within applications, we can access these connection strings in two ways. In code, we use the ConnectionStrings property of the ConfigurationManager object.

For example:

 SqlConnection conn = new SqlConnection();
conn.ConnectionString =
ConfigurationManager.ConnectionStrings["AppServiceName "].ConnectionString;

The ConnectionStrings property contains a collection of the connection strings from the section in web.config, so we use the name property as the index to the collection. The ConnectionString property then returns the actual connection string.

Within the markup of ASP.NET pages, we use an expression builder, which is a new feature of ASP.NET 2.0. Expression builders allow we to declaratively access features such as connection strings, application settings, and resources. For example, consider the following code:

<asp:SqlDataSource id="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:AppServiceName %> "

The expression builder uses a server side <% %> block, but when the first character within that block is a $ sign this indicates an expression builder is to be used. Each expression builder has a known prefix, and for connection strings this is ConnectionStrings. In a similar method to code, we use the name attribute from the web.config section to identify the required connection string, using a : to separate the builder prefix from the name.

The beauty of these two methods is that from both code and markup we can use the centrally stored connection strings.

Conclusion

I hope this article will help you to place connection string in web pages.

HAVE A HAPPY CODING!
 

Login to add your contents and source code to this article
share this article :
post comment
 

public partial class Login : System.Web.UI.Page { SqlConnection cn = new SqlConnection("Data Source=LFI-IT-001;Initial Catalog=Payroll;User ID=sa;Password=test"); SqlCommand cmd; protected void btn_reset_Click(object sender, EventArgs e) { txt_uname.Text = " "; txt_pwd.Text = " "; } protected void btn_submit_Click(object sender, EventArgs e) { string var = Request.Params["var"]; if (var == null) { cn.Open(); cmd = null; cmd = new SqlCommand("select username,password from register where username='" + txt_uname.Text + "' and password= '" + txt_pwd.Text + "' ", cn); SqlDataReader dr = cmd.ExecuteReader(); if (dr.Read()) { string s = dr["username"].ToString(); Response.Write("Login Success"); Response.Redirect("Admin.aspx"); } else { Response.Write("<script>alert('Your not an authorised person')</script>"); cn.Close(); } } } }

Posted by ernest kumar Feb 11, 2011

public partial class Admin : System.Web.UI.Page { SqlConnection cn = new SqlConnection("Data Source=LFI-IT-001;Initial Catalog=Payroll;User ID=sa;Password=test"); protected void Button3_Click(object sender, EventArgs e) { GridView1.Visible = true; cn.Open(); SqlDataAdapter da = new SqlDataAdapter("Select * from Payroll where month='" + DropDownList1.SelectedItem.Value + "'", cn); DataSet ds = new DataSet(); da.Fill(ds, " "); GridView1.DataSource = ds.Tables[0].DefaultView; GridView1.DataBind(); cn.Close(); } }

Posted by ernest kumar Feb 11, 2011

Thanks for your comment......

If you want not to let anybody access in your database from your web application, it would be nice to setup 'EXECUTE' permission denied. Using this, no body can access database from web application. But the administrator can access it using 'SQL Server Management Studio Express'.

I hope it is one of the great way to eliminate access.

Cheers!
Abhimanyu

Posted by Abhimanyu Kumar Vatsa Jul 17, 2010

What is the best way of password management please? I'd like it to be hidden from a Notepad's peek -- be it a user or an occasional developer. Or more prescisely, I don't want anybody to get access to my database by simply reading some strings in my constructed application. Please advise.
Thanks.

--Igor

Posted by Igor Jul 16, 2010
TOP LEADERS
TRENDING UP
Sponsored by
Team Foundation Server Hosting
Become a Sponsor
MOST LIKED ARTICLE
TAG CLOUD
PREMIUM SPONSORS
  • ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications. Visit DynamicPDF here
    ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications. Visit DynamicPDF here
LATEST JOBS
Sponsored by
Team Foundation Server Hosting
Become a Sponsor
WHITEPAPERS AND BOOKS
Hosted By CBeyond Cloud Services TOP MEMBERSMOST VIEWEDTRENDING NOW PRIZESAWARDSBOOK REVIEWSSURVEY
PHOTOSTIPSCONSULTING TRAININGSTUDENTSMEMBERSMEDIA KIT SUGGEST AN IDEA
PRIVACY POLICY | TERMS & CONDITIONS | SITEMAP | CONTACT US | REPORT ABUSE © 2012 C# Corner. All contents are copyright of their authors.