CODEWITHSUNDEEP
c#asp.netsql-server
KMS1991
KMS1991

Reputation: 21

Connection String Issues in C# ASP.NET

The current program I am working on is for a Registration page for a shopping cart, I have setup a SQL Server with tables to allow data to be recorded as

  1. UserName,
  2. Email,
  3. Password all are set a Nvarchar(max).

The version of the .NET Framework is 4.5 and I am using VS 2012 and am coding in C#, and the server is an SQL Server instance KENSULLIVAN-PC\KSSQL using integrated Windows Authentication.

So far, I have been able to run the registration page to the point where it will save a cookie of the information but, not send any information to the tables in SQL Server. 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class Account_Register : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        RegisterUser.ContinueDestinationPageUrl = Request.QueryString["ReturnUrl"];      
    }
    //Submit button for user registration information
    protected void RegisterUser_CreatedUser(object sender, EventArgs e)
    {
        int TheUserID = 5000;
        SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC/KSSQL;Database=GroupProject; Integrated Security=True");

        //INSERT command for values to be updated or added to the Database
        SqlCommand comm = new SqlCommand("INSERT INTO RegUser (UserName, Email, Password) VALUES (@UserName, @Email, @Password)", conn);
        comm.Parameters.Add("@UserName", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@UserName"].Value = RegisterUser.UserName; 
        comm.Parameters.Add("@Email", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@Email"].Value = RegisterUser.Email;
        comm.Parameters.Add("@Password", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@Password"].Value = RegisterUser.Password;       

        try
        {
            conn.Open();
            comm.ExecuteNonQuery();
            Response.Redirect("~/LoggedIn.aspx");
        }
        catch
        {
           //ErrorDB.Text = "Error Submitting, Try Again";
        }
        finally
        {
            conn.Close();
        }

        FormsAuthentication.SetAuthCookie(RegisterUser.UserName, false /* createPersistentCookie */);
        string continueUrl = RegisterUser.ContinueDestinationPageUrl;

        if (String.IsNullOrEmpty(continueUrl))
        {
            continueUrl = "~/LoggedIn.aspx";
        }
        Response.Redirect(continueUrl);  
    }
}

What should I be doing differently, what do you notice that is not really recommended?

Thank you, Kenneth

Upvotes: 2

Views: 819

Answers (2)

ljh
ljh

Reputation: 2594

First of all @Adam already pointed out, your connection string has issue, for named instance of SQl server, if you are using .Net, it should be backslash 

SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC\\KSSQL;Database=GroupProject; Integrated Security=True");
OR using @

SqlConnection conn = new SqlConnection(@"Server=KENSULLIVAN-PC\KSSQL;Database=GroupProject; Integrated Security=True");

Second, because you are using Window Authentication, you need to set you ThreadPool which host you web application to run under a windows domain account, which has enough permission to backend database.

If each user using your web site login with windows domain account, and you want to use user's window domain credential to access to backend database, then you need more set up, you need the impersonation, you probably also need constrained delegation.

Upvotes: 0

Adam Plocher
Adam Plocher

Reputation: 14233

I see a couple of possible issues.

First, the instance name for SQL databases should be using a backslash. Of course you'll need to escape that backslash, so try this:

SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC\\KSSQL;Database=GroupProject; Integrated Security=True");

Second, integrated security can be a little tricky from ASP.NET since often times it's running from a service or system account. You may want to enable MIXED authentication mode in MS-SQL, create a SQL account, and pass in a username and password. I would recommend storing your connection string in the web.config and encrypting it.

Is there a specific error/exception you're receiving? That would be very helpful to us.

Upvotes: 2

Related Questions