Bewerken

Delen via


Save and edit database connection strings for .NET Framework applications

Note

Datasets and related classes are legacy .NET Framework technologies from the early 2000s that enable applications to work with data in memory while the applications are disconnected from the database. The technologies are especially useful for applications that enable users to modify data and persist the changes back to the database. Although datasets have proven to be a very successful technology, we recommend that new .NET applications use Entity Framework Core. Entity Framework provides a more natural way to work with tabular data as object models, and it has a simpler programming interface.

Note

This article provides guidance for handling connection strings in Windows applications; for cloud and web applications, more secure techniques are available. You can use Connected Services to add support for Secrets.json for local development, and then migrate to Azure Key Vault for secrets storage when you deploy to Azure. See Protect secrets during development..

Properly handling the connection string in a Visual Studio application requires care to avoid presenting security risks. Connection strings in Visual Studio applications are often saved in the application configuration file (also referred to as application settings), or hard-coded directly in your application. Hard-coding directly into the application is not recommended, because the sensitive information in the connection string, such as the database credentials, can be read directly from the unencrypted binaries. Saving connection strings in the application configuration file simplifies the task of maintaining your application. If the connection string needs to be changed, you can update it in the application settings file (as opposed to having to change it in the source code and recompile the application).

Storing sensitive information (such as the password) within the connection string can affect the security of your application. Connection strings saved to the application configuration file are not encrypted or obfuscated, so it might be possible for someone to access the file and view its contents.

For databases that support it, using Windows integrated security is a more secure way to control access to a database.

If you do not choose to use Windows integrated security and your database requires a user name and password, you can omit them from the connection string, but your application will need to provide this information to successfully connect to the database. For example, you can create a dialog box that prompts the user for this information and dynamically builds the connection string at run time. Security can still be an issue if the information is intercepted on the way to the database.

For more information, see Protecting connection information.

To save a connection string from within the Data Source Configuration Wizard

In the Data Source Configuration Wizard, select the option to save the connection on the Save the Connection String to the Application Configuration File page.

To save a connection string directly into application settings

  1. In Solution Explorer, double-click the My Project icon (Visual Basic) or Properties icon (C#) to open the Project Designer.
  2. Select the Settings tab.
  3. Enter a Name for the connection string. Refer to this name when accessing the connection string in code.
  4. Set the Type to (Connection string).
  5. Leave the Scope set to Application.
  6. Type your connection string into the Value field, or click the ellipsis (...) button in the Value field to open the Connection Properties dialog box to build your connection string.

Edit connection strings stored in application settings

You can modify connection information that is saved in application settings by using the Project Designer.

To edit a connection string stored in application settings

  1. In Solution Explorer, double-click the My Project icon (Visual Basic) or Properties icon (C#) to open the Project Designer.
  2. Select the Settings tab.
  3. Locate the connection you want to edit and select the text in the Value field.
  4. Edit the connection string in the Value field, or click the ellipsis (...) button in the Value field to edit your connection with the Connection Properties dialog box.

Edit connection strings for datasets

You can modify connection information for each TableAdapter in a dataset.

To edit a connection string for a TableAdapter in a dataset

  1. In Solution Explorer, double-click the dataset (.xsd file) that has the connection you want to edit.
  2. Select the TableAdapter or query that has the connection you want to edit.
  3. In the Properties window, expand the Connection node.
  4. To quickly modify the connection string, edit the ConnectionString property, or click the down arrow on the Connection property and choose New Connection.

Security

Storing sensitive information (such as a password) within the connection string can affect the security of your application. Using Windows integrated security is a more secure way to control access to a database. For more information, see Protecting connection information.