Storing Connection String in Web.Config File

Home > Aspnet > Tutorials > Storing Connection String in Web.Config File - ASP.NET Database Tutorial

Tell a friend

Link to us

Total Members

Members: 84657

Sitemap

Forum

Chat

Home

ASP.NET Database Tutorial Home

1 . Introduction to Asp.Net 2.0

2 . Introduction to ADO.Net

3 . Connecting Access Database with AccessDataSource and GridView Control

4 . Accessing SQL SERVER Database [Using SqlDataSource]

5 . Storing Connection String in Web.Config File

6 . Inserting Records in Database

7 . Updating Records in Database

8 . Updating Records in Database

9 . Deleting Records from Database

10 . Execute Scalar: Getting Single Value from the Database

11 . Execute Reader: Fetching Records from Database

12 . Data Adapter

13 . Data Adapter and Database Connection

14 . Performing Batch Updates: Using SqlCommandBuilder

15 . Improving Performance using Stored Procedure

16 . Filtering and Sorting Data Using DataView/DataTable

17 . Data Binding and Data Synchronization

18 . SQL Transaction and Locking

19 . SQL Joins and .Net

20 . Automatically Generation of SQL Statement

Aspnet Group Home

Aspnet Discussion (10)

Aspnet Members (2382)

Aspnet Resources

Aspnet Source Code (388)

Aspnet Articles (1)

Aspnet Blogs

Aspnet Jobs

Aspnet Components (201)

- Aspnet Ask Question

- Aspnet Questions

- Aspnet Unanswered Questions

GROUPS

.NET

Java

Other

TUTORIALS

.NET

.NET Tutorial

ASP Tutorial

ASP.NET Database Tutorial

ASP.NET Development Tips

ASP.Net Security,Internationalisation And Deployment

ASP.NET Server Controls Tips

Web Development

Software Development

Java

Java Web Component Tutorial

JSP And J2EE Design Tutorial

RESOURCES

SUBMISSIONS

COMMUNITY

SITE

Aspnet database Tutorial

Storing Connection String in Web.Config File

<< Prev: Accessing SQL SERVER Database [Using SqlDataSource]

Next: Inserting Records in Database >>

Users of older versions of ASP frequently stored the connection string right in the ASP page. The connection string holds information about the data server name and (in the case of SQL authentication) the user account, sometimes even including the password. Having that information in the code is bad practice for two reasons.

The information can be seen by every programmer on the design team (however, it cannot be seen on a browser by site visitors).

It must be maintained or updated in every place throughout the Web site that has a connection. Updating passwords becomes an onerous job.

ASP.NET 2.0 gives you the option to move the connection string to a connectionStrings section of the web.config file, give the string a name, and encrypt it. Then ASP.NET 2.0 pages just refer to the connection string by name.

Adding the connection string in the web.config

Open the web.config that is located in the root of your web site. Find the section delimited by <connectionStrings> (or add it yourself if it is not there), and type an <add> tag, as follows. The tag has following three attributes:

Name: The name attribute is just an ordinary name for the connection string that you will use within your pages.

ConnectionString: The connectionString attribute should be set to the full connection string value for connecting to your database.

Provider Name: This specify whether you are connecting to Sql Server or to Oracle or to any other database.

For Example:-

</connectionStrings>

Example: Demonstrate Web.Config with aspx page

Web.Config

<? xml version = " 1.0 " ?>

<!--

Note: As an alternative to hand editing this file you can use the

web admin tool to configure settings for your application. Use

the Website->Asp.Net Configuration option in Visual Studio.

A full list of settings and comments can be found in

machine.config.comments usually located in

\Windows\Microsoft.Net\Framework\v2.x\Config

-->

</connectionStrings>

</connectionStrings>

<system.web>

<!--

Set compilation debug="true" to insert debugging

symbols into the compiled page. Because this

affects performance, set this value to true only

during development.

-->

<!--

The <authentication> section enables configuration

of the security authentication mode used by

ASP.NET to identify an incoming user.

-->

<!--

The <customErrors> section enables configuration

of what to do if/when an unhandled error occurs

during the execution of a request. Specifically,

it enables developers to configure html error pages

to be displayed in place of a error stack trace.

<customErrors mode="RemoteOnly"

defaultRedirect="GenericErrorPage.htm">

</customErrors>

-->

</system.web>

</configuration>

ConnectionStringINWebConfig.aspx

<%@ Page Language="C#" AutoEventWireup="true" Code ="FileConnectionStringINWebConfig.aspx.cs" Inherits="ConnectionStringINWebConfig" %>

<! DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

< html xmlns ="http://www.w3.org/1999/xhtml" >

< head runat ="server">

</head><body>

<div><strong>  Accessing Connection String From Web.Config </strong>   <br/><br/>

<asp:Label ID ="lblProductName" runat ="server" Font-Italic ="True" Text ="Product Name"></ asp : Label >

</td><td>

<asp:TextBox ID ="txtProductName" runat ="server" BackColor ="Yellow">

</asp:TextBox>

</td><td style ="width: 3px">

</td></tr>

<asp:LabelID ="lblProdDesc" runat ="server" Font-Italic ="True" Text ="Product Description"></asp:Label>

</td><td>

<asp:TextBox ID ="txtProductDesc" runat ="server" BackColor ="Yellow">

</asp:TextBox></td >

</td></tr>

<asp:Label ID ="lblCategoryName" runat ="server" Font-Italic ="True" Text ="Category Name"></asp:Label>

</td><td>

<asp:TextBox ID ="txtCategoryName" runat ="server" BackColor ="Yellow">

</asp:TextBox>

</td><td style ="width: 3px">

</td></tr>

<asp:Label ID ="lblQuantity" runat ="server" Font-Italic ="True" Text ="ProductQuantity">

</asp:Label>

</td><td style ="height: 26px">

<asp:TextBox ID ="txtQuantity" runat ="server" BackColor ="Yellow">

</asp:TextBox>

</ td >< td style ="width: 3px; height: 26px"></td></tr>

<asp:Button ID ="btnSubmit" runat ="server" OnClick ="btnSubmit_Click" Text ="Submit"/>

</td><td style ="width: 3px"></td></tr><tr><td>

</td><td></td><td style ="width: 3px"></td></tr>

</div>

</form></body>

</html>

ConnectionStringINWebConfig.aspx.cs

using System;

using System.Data;

using System.Configuration;

using System.Web.Configuration;

using System.Collections;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

using System.Data.SqlClient;

public partial class ConnectionStringINWebConfig : System.Web.UI. Page

{

protected void btnSubmit_Click( object sender, EventArgs e)

{ // Inserting Data in the Products Table of Northwind[Initial Catalog]

String strConn = WebConfigurationManager .ConnectionStrings [ "northwindConnectionString" ].ConnectionString;

SqlConnection conn = new SqlConnection (strConn);

SqlCommand cmd = new SqlCommand ();

cmd.Connection = conn;

string strQuery = "Insert into tblproduct (productName,prodDesc,CategoryName,ProductQuantity) values (" + "'" + txtProductName.Text + "'" + "," + "'" + txtProductDesc.Text + "'" + "," + "'" + txtCategoryName.Text + "'" + "," + Int32 .Parse(txtQuantity.Text) + ")" ;

cmd.CommandText = strQuery;

cmd.CommandType = CommandType .Text;

conn.Open();

cmd.ExecuteNonQuery();

conn.Close();

Response.Write( "Data Inserted Successfully !!!!" );

}

<< Prev: Accessing SQL SERVER Database [Using SqlDataSource]	Next: Inserting Records in Database >>
Aspnet Database Tutorial Home
Give feedback and win a prize.