5

I am making an application to connect to a local SQL Server database, and I am using the following method to create the connection string and test for exceptions. 

public void connect(string user, string password, string server, string database)
    {
        connectString = "user id=" + user + ";" +
                        "password=" + password + ";" +
                        "server=" + server + ";" +
                        "Trusted_Connection=yes;" +
                        "database=" + database + ";" +
                        "connection timeout=5";
        myConnection = new SqlConnection(connectString);
        try
        {
            myConnection.Open();
            isConnected = true;
        }
        catch (SqlException)
        {
            isConnected = false;
        }
        catch (InvalidOperationException)
        {
            isConnected = false;
        }
    }

From my research there should be an exception thrown if the connection cannot be opened, but if I pass nonsense credentials or empty strings no exception is thrown. If I pass in correct information I am able to connect and use the connection string to pull in data. With the bad connection string I get an exception later when trying to fill a SqlDataAdapter with the data.

Also, with the nonsense connection strings myConnection.State is open when I debug and check that.

Is there a problem with my understanding of how the exception catching should work? Am I correct in thinking that the SqlConnection State should not be open when I am unable to connect to the database because of a bad credentials?

TylerReid
  • 481
  • 4
  • 18
  • 2
    You **do know** that there is a [`SqlConnectionStringBuilder`](http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnectionstringbuilder%28v=vs.110%29.aspx) class - right? That would make it so much easier to create a connection string (rather than just stringing it together....) – marc_s Dec 27 '13 at 19:53
  • I did not know that. Thanks for the pointer! I am trying to build this robustly, but I am new to working with a database in C# so I am probably re-inventing the wheel some. – TylerReid Dec 27 '13 at 20:04

1 Answers1

5

In your connection string you have "Trusted_Connection=yes;" that will use the current windows account for authentication and will ignore the username, password supplied in the connection string.

See: Integrated Security -or- Trusted_Connection from SqlConnection.ConnectionString Property

When false, User ID and Password are specified in the connection. When true, the current Windows account credentials are used for authentication. Recognized values are true, false, yes, no, and sspi (strongly recommended), which is equivalent to true.

If User ID and Password are specified and Integrated Security is set to true, the User ID and Password will be ignored and Integrated Security will be used. SqlCredential is a more secure way to specify credentials for a connection that uses SQL Server Authentication (Integrated Security=false).

Habib
  • 219,104
  • 29
  • 407
  • 436