I have been impressed with the improvements to the DataSet Designer and the new TableAdapters in VS2005. So much so that I have used them on a smaller recent project to create the DAL rather than my current favourite O/R mapper LLBLGen (If you haven't tried them yet, see ScottGu's great introduction).
One of the features of course is the fact that it creates a typed dataset simply by dragging a table from server explorer onto the design surface. You can then modify properties and configure the generated Table Adapter or add additional queries. You can also preview the results of command. All this requires a connection to your database, and where the connection string is stored for this and then used elsewhere has caused some confusion here. So where exactly is the connection string for this stored?
Well if you are using a separate class library project to create this, then a couple of things happen. When you drag the table onto the dataset designer VS creates a Settings class under Project > Properties > Settings.settings > Settings.Designer.cs in solution designer and also adds an app.config file. If you look inside these you may be surprised to see that the connection string is stored in both places. The settings class with have something like this:
[
global::System.Configuration.ApplicationScopedSettingAttribute()][global::System.Diagnostics.DebuggerNonUserCodeAttribute()][global::System.Configuration.SpecialSettingAttribute(global::System.Configuration.SpecialSetting.ConnectionString)][global::System.Configuration.DefaultSettingValueAttribute("Data Source=Server;Initial Catalog=Database;Persist Security Info=True;Use" +"r ID=fred;Password=password")]
public string MyDataBaseConnectionString {
get {
return ((string)(this["MyDataBaseConnectionString"]));
}
}
You will note that the connection string is stored as a default setting for the property
And the app.config will have something like this:
<
add name="Bbits.Forum.Properties.Settings.MyDataBaseConnectionString"
connectionString="Data Source=Server;Initial Catalog=Database;Persist Security Info=True;User ID=Fred;Password=password"
providerName="System.Data.SqlClient" />
Editing the property using the Settings tab in the property window for the project will update both these places.
So far so interesting. But what happens when we reference this library from another project? And ultimately from our front end? Well as you may know the app.config will not be kept with the referenced assembly so that can be ignored. However the settings class has this connection string as a default so that means the Dal will be able to connect to the database without any more work. That also means there is a potential security risk if you are not aware of this. Your connection string is not encrypted here and anyone could use a tool like Reflector to see the details. So your best choice here is to make sure that you have used a trusted connection for database connections in this project. That way you are not potentially exposing any database credentials.
Of course a trusted connection is likely to work in the design environment but not in the app. So how do we override this connection string from web.config (or a windows app's app.config)? That's simple: just copy the connectionStrings entries from your app.config in your class library into your web.config and change the values to the correct one. You can then go ahead and encrypt this section for your release deployment
Hope this helps
Ian
Comments are disabled for this blog - but please feel free to comment via the contact page