0

So I have a DB (webster.accdb) which will be getting installed on a server (eg. \SERVER\WEBSTER) However different locations may have differing SERVER names (ADMIN1 etc etc)

When the program originally installs, it checks the con string in app.config which I have put as "DEFAULT" - literally the string. The program checks the connection string in app config, and if it is DEFAULT, then it runs a little prompt i have made which asks for details from the user regarding the server name and a few other specifics.

They click "connect" and it writes the newly constructed connection string to app.config and the program loads after a series of tests.

Now this works under VS tests and installs on D: drives in temp folders. My issue is that if 'properly' installed to the programfiles section, then we now have the issue of access being denied to alter the file.

So could someone point me in the right direction with regards to the correct process as i know I'm doing it wrong:

  1. Create an XML in Appdata for the user, which has the con strings, and this is generated on first use, and is used for the constrings from then on?

  2. Save the con strings as Settings, and use This code to update settings, then make sure all my con strings in my program no longer point to configuration, but to settings??

    1. Something better because I am clueless and this is totally not how i should be doing this at all!

Code used to update the config:

Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        config.ConnectionStrings.ConnectionStrings["LOTSConnectionString"].ConnectionString = "Data Source=" + txtpcname.Text + ";Initial Catalog=" + cmbdispense.SelectedItem + ";Integrated Security=False;User ID=webbit;Password=ill923r6MG";
        config.Save(ConfigurationSaveMode.Modified, true);
Glenn Angel
  • 381
  • 1
  • 3
  • 14
  • on a different note, i have just stupidly noticed i havent used parameters here.. which i have for all SQL sections. Is this still susceptible to SQL injection?? I wouldnt have thought so as it cant even connect to the DB, however I'm sure its best practice to do it a different way? – Glenn Angel Sep 07 '17 at 13:02

2 Answers2

0

Access Denied means the user which is executing the app either does not have permission or because of inbuilt security by Operating System, app is executing under restricted permissions. Try executing app with Administrator by right clicking on it and choosing run as.

You can prevent this by Setting up connection string at the time of installation instead. Prompt a user to enter details during installation.

Sunil Singhal
  • 593
  • 3
  • 11
  • I would prefer to run from the program, as if the DB is moved or if the computer gets renamed etc etc, i need them to be able to edit this again.. – Glenn Angel Sep 07 '17 at 14:14
  • If i open with admin rights, it CAN write to the config file, but then the rest of the program still fails. it can't open the connection! – Glenn Angel Sep 07 '17 at 14:21
  • Massive error: Namesystem.data.oledb.oledbexception (0x80004005): 'V:\websterdb.accdb" is not a valid path. HOWEVER: if i run NOT as admin, it works! and connects!! SO: Admin lets me write to config but ADMIN cant open the actual connection. NON admin cant write to config, but program runs perfectly! wtf? – Glenn Angel Sep 07 '17 at 14:52
0

So pretty much I self confess to not understanding the benefits of the USER section of the config. I have changed my connection strings to just "STRING" and put in the USER section of Settings.

Now i can refer to my strings as

properties.settings.default["ConString"].tostring

This is then saved to User/APPDATA/Local

For noobs like me reading this, that means the original app.config file in programfiles stays THE SAME, but an excerpt is taken out of it relating to the user section and put into appdata.

What was confusing me the whole time was selecting "connection string" in settings, which didnt allow selection as a USER setting.

Glenn Angel
  • 381
  • 1
  • 3
  • 14