I have a C# Winforms app that I'm porting over to ASP.NET. Everything works, but the connection to my Universe database currently uses my personal name and password. Instead, I'd like to get the user's name and password.
In web.config added the following to connectionStrings:
<add name="U2Connection" connectionString="Database=MY_DB;User ID=myuserid;
Password=mypassword;Server=MY_SERVER;ServerType=UNIVERSE;AccessMode=Native;
RpcServiceType=uvcs" providerName="U2.Data.Client" />
and in my class, I have the following:
public static U2Connection GetU2ConWebConfig()
{
string conn_str = ConfigurationManager.ConnectionStrings["U2Connection"].ToString();
U2Connection con = new U2Connection();
con.ConnectionString = conn_str;
con.Open();
return con;
}
How can I prompt the current user for their Universe username/password and pass it to the connection string? I know I could make 2 textboxes on the .cshtml page and pass it along with the rest of the form data, but is there a better or more secure way?
You could change your connection string like this:
<add name="U2Connection" connectionString="Database=MY_DB;User ID={0};Password={1};Server=MY_SERVER;ServerType=UNIVERSE;AccessMode=Native;RpcServiceType=uvcs" providerName="U2.Data.Client" />
Then you can pass through the user name and password to it using String.Format():
string userName = "User";
string password = "Password";
string connectionString = String.Format(ConfigurationManager.ConnectionStrings["U2Connection"].ConnectionString, userName, password);
Regarding security - I would suggest using HTTPS for your website or at least for the page where the user has to enter their credentials.