堆栈内存溢出
  简体   繁体   English

SQL Server 2005 SQL身份验证连接字符串

[英]SQL Server 2005 SQL Authentication Connection String

 原文  2009-08-10 18:08:39       c#/ sql-server/ sql-server-2005/ authentication/ connection-string

问题描述

I'm building an application that connects to SQL Server 2005. It currently uses Windows authentication, but I'd like to switch to SQL Authentication (I believe it is also sometimes called Mixed Authentication). 我正在构建一个连接到SQL Server 2005的应用程序。它当前使用Windows身份验证,但是我想切换到SQL身份验证(我相信有时也称为混合身份验证)。 My current connection string is: 我当前的连接字符串是: 

"Data Source=LOCALHOST;Initial Catalog={0};Integrated Security=SSPI"

That's for Windows authentication, but for SQL, I am thinking: 这用于Windows身份验证,但是对于SQL,我在想: 

"Data Source=LOCALHOST;Initial Catalog={0};user id={1};password={2}"

Is this the correct way? 这是正确的方法吗? The code assumes that: 该代码假定:

  • {0} is the name of the database {0}是数据库的名称
  • {1} is the username {1}是用户名
  • {2} is the password {2}是密码

I'm switching to SQL authentication because I'm thinking of connecting to a SQL Server instance on a remote server - is SQL authentication the right way to do this, and would I just have to enter the IP where "LOCALHOST" is currently? 我正在切换到SQL身份验证,因为我正在考虑连接到远程服务器上的SQL Server实例-SQL身份验证是执行此操作的正确方法,我是否只需要输入当前“ LOCALHOST”所在的IP?

Thanks! 谢谢!

UPDATE: Thank you for all the great answers, guys! 更新:伙计们,谢谢您提供的所有很好的答案! All of them were wonderful and very helpful, I can't even decide which one to award "accepted answer" to, but I have voted up all of them because they rock. 所有这些都很棒,而且非常有帮助,我什至无法决定授予哪个“可接受的答案”,但是我投票赞成了所有这些,因为它们很摇摆。 Thanks again! 再次感谢!

5 个解决方案

解决方案1
 6 已采纳  2009-08-10 18:14:39

您以正确的方式前进,但我认为查看连接字符串可能比这里的任何答案对您有更大的帮助。

解决方案2
 2  2009-08-10 18:14:12

You can also use uid instead of "User Id" and pwd instead of "password": 您还可以使用uid代替“用户ID”,并使用pwd代替“ password”: 

"Data Source=LOCALHOST;Initial Catalog={0};uid={1};pwd={2}"

In place of LOCALHOST, you would either use the IP of the remote machine, or the DNS Name. 可以使用远程计算机的IP或DNS名称代替LOCALHOST。 Note that if multiple instances of SQL Server exist on the remote machine, you need to specify the instance under Data Source - eg "Data Source=11.22.33.44\\SQLEXPRESS". 请注意,如果远程计算机上存在多个SQL Server实例,则需要在“数据源”下指定实例-例如“数据源= 11.22.33.44 \\ SQLEXPRESS”。

解决方案3
 2  2009-08-10 18:34:00

There is an app for that: SqlConnectionStringBuilder : 有一个适用于此的应用程序: SqlConnectionStringBuilder 

SqlConnectionStringBuilder scsb = new SqlConnectionStringBuilder();
scsb.DataSource = "LOCALHOST";
scsb.InitialCatalog = ...;
scsb.IntegratedSecurity = false;
scsb.UserID = ...;
scsb.Password = ...;

SqlConnectionStringBuilder scsb = new SqlConnectionStringBuilder();
scsb.DataSource = "LOCALHOST";
scsb.InitialCatalog = ...;
scsb.IntegratedSecurity = true;

You can then extract the connection string from the builder's ConnectionString property. 然后,您可以从构建器的ConnectionString属性中提取连接字符串。 This way is error proof and you can later modify other properties like ConnectTimeout or AsynchronousProcessing , and you won't have to remember the string syntax. 这种方式可以防止错误,您以后可以修改其他属性,例如ConnectTimeoutAsynchronousProcessing ,而不必记住字符串语法。

解决方案4
 1  2009-08-10 18:11:16

Yes this will work exactly as you said. 是的,这将完全按照您所说的进行。

"Data Source=11.22.33.44;Initial Catalog={0};user id={1};password={2}" “数据源= 11.22.33.44;初始目录= {0};用户标识= {1};密码= {2}”

解决方案5
 1  2009-08-10 18:47:40

If you do not have a common Active Directory domain between the local and remote server, then I think you will need the SQL authentication. 如果本地服务器和远程服务器之间没有公用的Active Directory域,那么我认为您将需要SQL身份验证。 However, if you do have a common ADS domain, then I recommend using it – otherwise you have to either use a common SQL account for everyone (and then use an appropriate mechanism to encrypt the password) or create separate SQL accounts for each user, thereby duplicating data. 但是,如果您确实有一个通用的ADS域,那么我建议您使用它-否则,您必须为所有人使用一个通用SQL帐户(然后使用适当的机制来加密密码),或者为每个用户创建单独的SQL帐户,从而复制数据。

Be very careful with that Initial Catalog setting. 对该初始目录设置要非常小心。 If that value can be supplied by user input, then it might be used to try to attack another database, if you don't have good validations in place to protect against it. 如果该值可以由用户输入提供,那么如果您没有适当的验证来防止它攻击,则可以将其用于尝试攻击另一个数据库。 Sorry if I'm preaching to the choir :-). 对不起,如果我正在宣讲合唱团:-)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Microsoft SQL Server 2005的连接字符串中存在问题! - Problem in the connection string of Microsoft SQL Server 2005 ! SQL Server 2005中的连接字符串可以从文件中获取吗? - can connection string in SQL Server 2005 be taken from a file? 如何将SQL Server 2005从Windows身份验证更改为SQL身份验证? - How to change SQL Server 2005 from Windows Authentication to SQL Authentication? WCF:远程SQL Server 2005数据库连接 - WCF : remote SQL Server 2005 database connection 从 windows 移动 6 连接到 SQL Server 2005 - connection to SQL Server 2005 from windows mobile 6 在C#中使用SQL Server身份验证的连接字符串 - Connection string using SQL Server authentication in C# 无法通过Windows身份验证使用连接字符串连接到SQL Server - Unable to connect to SQL Server using a connection string with Windows authentication 将连接字符串从SQL Server更改为Windows身份验证 - Changing connection string from SQL Server to windows authentication 在SQL Server连接字符串中应使用哪种身份验证方法? - What authentication method should I use in SQL server connection string? SQL Server连接字符串 - SQL Server connection string
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM