Build Connection Strings Seamlessly in .NET 2.0
Ensure Your Database Connection Strings Are Safe and Secure
October 30, 2009
asp:Feature
LANGUAGES:C#
ASP.NETVERSIONS: 2.0
Build Connection Strings Seamlessly in .NET 2.0
Ensure Your Database Connection Strings Are Safe and Secure
By Joydip Kanjilal
The basic requirement for connecting to a databaseinvolves the use of connection strings. A connection string is comprised of thedatabase server to connect to, the database name, the user s credentials, theauthentication mode that should be used, etc. In the earlier version of .NET (.NET1.x), we had to manually merge the various parameters to build the connectionstring and use it. With the advent of .NET 2.0, however, things have changed.You have the option of using the connection string builder classes available tobuild safe and secure connection strings seamlessly. This article presents howwe can make use of these classes to build our database connection strings in.NET 2.0 (with code examples where appropriate).
The Connection String Builder Classes in .NET 2.0
Whether you store your connection strings in theconfiguration file or you hard code them in your application, you no longerneed to dynamically concatenate the necessary parameters to build your databaseconnection strings. With .NET 2.0 you have the connection string builderclasses that are designed to eliminate syntax errors and potential securitythreats from SQL injection attacks in your database connection strings. Formore on SQL injection attacks see my article PreventSQL Injection Attacks.
We have four such classes that correspond to each type ofdata provider being used. You have the following connection string builders fromwhich to choose:
SqlConnectionStringBuilder
OracleConnectionStringBuilder
OleDbConnectionStringBuilder
OdbcConnectionStringBuilder
Needless to say, the names of these classes relate to thetype of the respective data providers. The DbConnectionStringBuilder class inthe System.Data namespace serves as the base for all these strongly typedconnection string builder classes. The following code snippet illustrates howwe can build our database connection string using theSqlConnectionStringBuilder class and specifying the required parameters throughthe properties of this class:
SqlConnectionStringBuilder sqlConnectionStringBuilder = newSqlConnectionStringBuilder(); //Create an instance of theSqlConnectionStringBuilder class
sqlConnectionStringBuilder.UserID = // The database user's id
sqlConnectionStringBuilder.Password = //Password for the databaseuser
sqlConnectionStringBuilder.DataSource = // The name of thedatabase server to connect to
sqlConnectionStringBuilder.PacketSize = // Size of the datapacket
sqlConnectionStringBuilder.InitialCatalog = // The name of thedatabase to connect to
sqlConnectionStringBuilder.ConnectTimeout = // The connectiontimeout value in seconds
As an example, you can build your database connectionstring for the database test that resides in your local system, as shown inthe code snippet below:
SqlConnectionStringBuilder sqlConnectionStringbuilder = newSqlConnectionStringBuilder();
sqlConnectionStringbuilder.DataSource = "(local)";
sqlConnectionStringbuilder.InitialCatalog = "Test";
sqlConnectionStringbuilder.IntegratedSecurity = true;
Once you are done with specifying the differentparameters, you can retrieve the connection string using the ConnectionStringproperty of the SqlConnectionStringBuilder class, as shown below:
String connectionString =sqlConnectionStringBuilder.ConnectionString;
Now you can create a connection using the connectionstring built earlier (in either of the following two ways):
SqlConnection connection = newSqlConnection(sqlConnectionStringbuilder.ToString());
or
SqlConnection connection = newSqlConnection(sqlConnectionStringBuilder.ConnectionString);
Conclusion
.NET 2.0 allows you to dynamically build databaseconnection strings that are safe and error free. You no longer need to appendthe required parameters to build your database connection strings. This articlehas taken a brief look at the connection string classes in .NET 2.0 andillustrated how we can use them programmatically.
Working extensively in Microsoft technologies for more than 10years, Joydip Kanjilal is a SeniorTechnical Leader in the Design and Architecture team for a reputed company in aHyderabad, India.His programming skills include C, C++, Java, C#, VB, VC++, ASP.NET, XML, andUML. He has worked with .NET and C# for more than five years. Reach Joydip at mailto:[email protected] orat his blog at http://aspadvice.com/blogs/joydip/.
About the Author
You May Also Like