从 .net 应用程序动态更改数据源传递到连接字符串
我的 Visual Studio .NET 应用程序使用 SQL Server 2005 Express。
它必须安装在我客户的主服务器系统上在两台客户端计算机上。均使用 Windows XP 或 Vista 或 7。
现在,每次当我安装应用程序时我的客户计算机上的 SQL Server,我必须更改连接字符串中指定的服务器名称,即数据源。 因为,当我在客户的计算机上安装SQL Server时,SQL Server 2005 Express会将服务器名称作为客户的计算机名称。
那么,解决这个问题的办法是什么呢?
- 我应该将客户的计算机名称更改为我在连接字符串中指定的名称吗?
- 或者,我应该在运行时从 .net 应用程序动态获取服务器名称,然后将其传递给连接字符串。
另外,登录也有同样的问题吗?我的 .NET 应用程序会要求登录并登录。来自客户的密码,然后该密码将被传递到连接字符串&应用程序将连接到 SQL Server。那么,这样的安全性可以吗?如果没有,那么从 .NET 应用程序动态创建 SQL Server 登录名的其他解决方案是什么。
另外,我应该为此目的创建应用程序角色,即解决登录问题吗?
我的连接字符串是:数据源= A-9(计算机名称); Trusted_Connection = true;
----------------------------------------------------------编辑--- ------------------------------------
在我的客户那里,'APP_SVR'是服务器机器名称,他有2个客户 m/cs:C-1 & C-2。所有 3 台都是 LAN 上的简单家用 PC,运行 Windows XP。
1.我将在“APP_SVR”上安装 SQL SERVER EXPRESS。安装时, SQL SERVER自动将服务器名称作为计算机名称 它安装在其上,这里是“APP_SVR”。 因此,“APP_SVR”将是 conn 中的数据源名称。细绳。
2.我将在C-1、C-2上安装.NET应用程序。
3.现在,C-1、C-2 上的应用程序必须连接到“APP_SVR”上的 SQL SERVER。 为此,应用程序。需要数据源名称。因此,我将从中获取数据源名称 使用 C-1 和 C-1 的用户C-2,作为文本输入&然后将其传递给连接字符串。
用户将其输入为“APP_SVR”。
这对于安全问题来说可以吗?或者还有其他办法吗?
My Visual Studio .NET application uses SQL Server 2005 Express.
It has to be installed on my customer's main server system & on two client computers.all with Windows XP or Vista or 7.
Now, every time when i install my application & SQL Server on my customers computers, I have to change the server name specified in the connection string, i.e. the DATA SOURCE.
Because, when I install SQL Server on customer's computer, then the server name is taken by SQL Server 2005 Express, as the computer name of the customer.
So, what's the solution for this?
- Shall I change the computer name of the customer, to what i have specified in my connection string.
- or , should i take the server name dynamically on runtime from the .net application and then pass it to the connection string.
Also, the same problem is for login? My .NET application would ask for the login & password from the customer, which would then be passed to the connection string & the application would connect to SQL Server. So, is this ok with security? if not, then what's the other solution to create logins of SQL Server from the .NET application dynamically.
Also, should i create APPLICATION ROLES for this purpose , i.e. for solving the login problem?
My connection string is : Data Source = A-9 (computer name) ; Trusted_Connection = true;
----------------------------------------------EDITED---------------------------------------
At my customer's place,'APP_SVR' is server machine name, he has 2 client
m/cs : C-1 & C-2. All 3 are simple home PCs on LAN, with Windows XP.
1.I will install SQL SERVER EXPRESS on 'APP_SVR'. While installation,
SQL SERVER automatically takes the server name as the computer name
on which it is installed , here it is 'APP_SVR'.
So , 'APP_SVR' will be the DATA SOURCE NAME in the conn. string.
2.I will install the .NET application on C-1,C-2.
3.Now, the application on C-1,C-2 will have to connect to SQL SERVER on 'APP_SVR'.
For this,the applcn. needs DATA SOURCE NAME. So, I would take the data source name from
users using C-1 & C-2, as a text input & then pass it to the connection string.
The users would enter it as 'APP_SVR'.
Would this be fine with security issues ? or is there any other way?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
就涉及连接字符串而言,oleschri 是正确的。最好的选择是使用 app.config 文件。然后,您必须手动更改连接字符串以指向正确的服务器。没有真正的方法可以动态地实现这一点,因为在看到环境之前,您无法知道从客户端到客户端的服务器计算机的 IP/名称。
至于登录并将应用程序连接到 SQL,可以按照您建议的方式完成。使用用户提供的用户名和密码动态更改连接字符串。
通常,我通过在数据库中创建用户表来处理此问题。该表将具有用户名和密码以允许访问我的程序。 SQL Server 中的登录名应用于限制/保护对数据库本身的访问。我通常创建一个登录名/用户,然后所有用户都使用它来访问数据库。这有助于锁定对数据库的访问,同时允许您提供访问应用程序的安全性。为此,您需要从用户那里获取用户名/密码并检查数据库以查看它是否存在且正确。如果是这样,请让他们继续,如果不是,请让他们留在登录屏幕上并告诉他们用户名和/或密码错误。
As far as the connection string is involved, oleschri is correct. Your best option is to make use of an app.config file. You will then have to change the connection string to point to the correct server by hand. There is no real way of making this dynamically as you have no way of knowing the ip/name of the server machine from client to client until you see the environment.
As for the logins and connecting the application to SQL, this can be done the way you are suggesting. With changing the connection string dynamically with the username and password provided by a user.
Generally, I handle this by creating a users table in my database. This table would have usernames and password to allow access to my program. The logins in SQL Server should be used for limiting/securing access to the database itself. I generally create one login/user and all users then use this to access the database. This helps to lock down access to the database while allowing you to provide security to access the application. For this to work though, you will need to take the username/password from the user and check the database to see if it exists and is correct. If so let them continue, if not keep them at the login screen and tell them that either the username and/or password is wrong.
我肯定会选择替代方案 2,更改客户的计算机名称可能会让他们或他们的 IT 管理员非常生气。
I would definately go with alt 2, changing your customers computer names might make them, or their it-admins, pretty darn angry.
假设您的客户端应用程序是某种 WinForms 应用程序,连接字符串应驻留在应用程序的 app.config 文件内,并且在安装时应设置为正确的值。
在 app.config 中包含连接字符串可以帮助管理员在服务器名称或数据库名称随时间变化时轻松更新客户端。
如果您如果想要使用集成Windows安全性(当前登录的域用户),可以将需要授权的用户放入一个组中,并在SQL Server中对该组进行相应的授权。您还必须在连接字符串中指定
Integrated Security=True。Assuming your client application is some kind of WinForms application the connection string should reside inside the application's app.config file and should be set to the correct value when installing it.
Having the connection string in the app.config helps admin to easily update the client when server names or database names change over time.
If you want to use Integrated Windows Security (the currently logged on Domain User) you can put the users to be authorized into a group and authorize this group in SQL Server accordingly. You also have to specify
Integrated Security=Truein your connection string.