Can't login

Can't login

Old forum URL: forums.lhotka.net/forums/t/2450.aspx

csm101 posted on Wednesday, February 28, 2007

I'm running the PTWin project.  After clicking "OK" on the login box I get:

 

{"DataPortal.Fetch failed (System.Data.SqlClient.SqlException: The user instance login flag is not supported on this version of SQL Server. The connection will be closed.

 

I'm using the full SQL Server 2005 database engine.  I've attached the database files and tried changing the connection strings in App.config but it still doesn't work. 

Does anyone know what's going on?

 

Thanks.

 

RockfordLhotka replied on Wednesday, February 28, 2007

It sounds like you didn't successfully change the config settings, because that message means the conn string still says to use SQL Express...

csm101 replied on Thursday, March 01, 2007

Turns out I have to supply the userID and Password ("pm") right in the connection strings like this:

<connectionStrings>

   <add name="PTracker"

      connectionString="Data Source=.\SQLSERVER2005;Initial Catalog = CSLA_PTRACKER;Integrated Security=False;UID=&quot;pm&quot;;PWD=&quot;pm&quot;"providerName="System.Data.SqlClient" />

   <add name="Security"

      connectionString="Data Source=.\SQLSERVER2005;Initial Catalog = CSLA_SECURITY;Integrated Security=False;UID=&quot;pm&quot;;PWD=&quot;pm&quot;"providerName="System.Data.SqlClient" />

</connectionStrings>

But this is not very secure as the password is now in plain text in the App.config file.  Is there any way around this?

 

Thanks.

 

 

 

 

RockfordLhotka:
It sounds like you didn't successfully change the config settings, because that message means the conn string still says to use SQL Express...

RockfordLhotka replied on Thursday, March 01, 2007

Well, you can either connect to SQL Server using integrated security or SQL security. In your case you’ve set up the db to use SQL security, so it requires that you provide a SQL username and password. If you switch to integrated security it will use the Windows security token of the process that’s contacting the database.

 

There are many, many issues around both of these security models. Each has strengths and weaknesses, and the right answer varies depending on your environment, security needs, and so forth. You should do some research on database connection security – probably on MSDN, but I’m sure many books on programming apps using databases cover the options as well.

 

Microsoft recommends integrated security, but it does have its drawbacks, so educate yourself first.

 

Also, it is possible (at least with web.config) to encrypt the <connectionStrings> region of the config file. I don’t know for sure if that can be done for Windows apps. But that may be an option for you as well.

 

Rocky

Copyright (c) Marimer LLC