2

I'm trying to use Entity Framework and it put it's connection string into app.config. I would like to move it to code as it's easier for me at this stage of development.

metadata=res://*/database.csdl|res://*/database.ssdl|res://*/database.msl;provider=System.Data.SqlClient;provider connection string="data source=computer;initial catalog=database;persist security info=True;user id=user;password=Mabm@A;multipleactiveresultsets=True;App=EntityFramework"

How can I make Entity Framework use connection string from code rather then look at the app.config? Alternatively if it's not possible how can I pass parameters to app.config (like dbname, dbuser, dbpassword)?

Improve this question
4
  • 6
    "I would like to move it to code as it's easier for me at this stage of development. " - how is that easier than having it in the app.config? Leads me to suspect the real question you want answering is not the one you have asked. Commented Jan 23, 2012 at 10:45
  • I want to deploy it to users and don't want passwords/logins stored inside app.config. Before Entity Framework I was hard coding this in code. May not be the best solution but at this stage I simply don't want to have open text login/password for database in app.config. So either I have to somehow pass parameters into this or hardcode the connectiong string. Commented Jan 23, 2012 at 10:47
  • @MitchWheat it's one way but this means I have to touch database security and I am basically giving a user ability to access database with SQL Management Studio and peak directly into database if he wishes so (probably they won't do it as they don't know how but still). Commented Jan 23, 2012 at 10:51
  • 1
    In such case use integrated security (I doubt you are using direct DB access in non-domain infrastructure). By hard coding user name and password into your application you didn't make it more secure. You just made it worse architecture. Commented Jan 23, 2012 at 11:28

5 Answers 5

Reset to default
4

You can use EntityConnectionStringBuilder for this purpose. Check here

public string GetConnectionString()
    {
        string connectionString = new EntityConnectionStringBuilder
        {
            Metadata = "res://*/Data.System.csdl|res://*/Data.System.ssdl|res://*/Data.System.msl",
            Provider = "System.Data.SqlClient",
            ProviderConnectionString = new SqlConnectionStringBuilder
            {
                InitialCatalog = ConfigurationManager.AppSettings["SystemDBName"],
                DataSource = ConfigurationManager.AppSettings["SystemDBServerName"],
                IntegratedSecurity = false,
                UserID = ConfigurationManager.AppSettings["SystemDBUsername"],
                Password = ConfigurationManager.AppSettings["SystemDBPassword"],
                MultipleActiveResultSets = true,
            }.ConnectionString
        }.ConnectionString;

        return connectionString;
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks. This with Daniel's answers is what I need. I'll accept Daniels as he answers to my question but without his answer wouldn't be complete.
2

When you create an instance of your ObjectContext derived class, you can simply pass the connection string as a constructor argument.

Improve this answer

1 Comment

Nice, why I didn't thought about that :-)
0

Rather than use a username and password, why not use Integrated Security? It is more secure and easier to manage.

i.e. 'Trusted_Connection = Yes' in your connection string and securely manage access through AD.

Connection Strings

Improve this answer

Comments

0

First, create your context using the constructor with the connectionString parameter. http://msdn.microsoft.com/en-us/library/gg679467(v=vs.103).aspx

Note that it's not directly this constructor that you must call, but the specific inherited context constructor for your database that your Entity generator created for you.

Furthermore, if you want to pass the username and password at runtime, you can create a connection string using this class: http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnectionstringbuilder.aspx

See here: http://msdn.microsoft.com/en-us/library/bb738533.aspx

Improve this answer

Comments

0

If the connection string log in details are always the same then I would suggest that you use ConfigurationManager to retrieve the connection string from your app.config and encrypt the ConnectionStrings section of the file.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.