How to solve this error in ASP.NET

Question

I am beginner in asp.net and sql server. I have created a database in sql server 2014 with sql authentication.

Here is my code :

Registration.aspx.cs

public partial class Registration : System.Web.UI.Page
{
     SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-U9DUN78\SQLEXPRESS;Initial Catalog=LoginRegisterData;Persist Security Info=True;User ID=sa;Password=***********;Pooling=False");
     protected void Page_Load(object sender, EventArgs e)
     {

     }


     protected void Button1_Click(object sender, EventArgs e)
     {      
        try
        {
            con.Open();
            SqlCommand cmd = con.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "insert into UserDetails values('" + TextBoxUsername.Text + "','" + TextBoxEmailid.Text+ "','" + TextBoxPassword.Text + "','" + TextBoxDate.Text + "','" + DropDownListCountry.SelectedItem + "')";
            cmd.ExecuteNonQuery();
            con.Close();
       }
       catch(Exception ee)
       {
            Response.Write(ee);
       }

  }

I want to store data into sql server database. The following snap is the error that I am getting :

Error page

check your password in your connection string passed to SqlConnection matches exactly the password you use with SSMS; — techspider, May 27 '16 at 21:21
Based on your error, it sounds like your credentials are incorrect. Try using the same ones to log into SQL Server Management Studio to see if that helps. Also, consider using parameters to build your query instead of concatenating strings. — Rion Williams, May 27 '16 at 21:22
As pervious users pointed out (confirm Credential) You can point break point in your code where you are trying to open connection. Additional advice: 1. DO NOT USE "sa" for your web app sql connection - very dangerous practice 2. Paramatise your insert query or in the very least use prepared statement using @ — DaniDev, May 27 '16 at 21:32
You should also check if your SQL Server have mixed authentication enabled — Rubens Farias, May 27 '16 at 21:34
If you have MSSQL Management studio installed try actually logging in as "sa" with the correct password. If you can't then chances are the sa account does have mixed authentication set to true or yes or whatever it is. Which is the default settting — Alex W, May 28 '16 at 00:38

etoisarobot · Answer 1 · 2016-05-27T22:09:10.413

As others have said it is probably just a bad password. To make sure Sql Server authentication is enabled in SSMS right click on the instance, Select properties and make sure Sql Server and Windows Authentication is selected.

Also...

To create and test connections strings you can create a new text file and rename it to anything.udl. If you double click on it you'll be able to create and test connection strings for a few different connection types. If you save your changes and then open the file in notepad you will see the connection string in the format you need.
You should not be connecting to your db with sa as if you have a sql injection vulnerability (like you do) the damage that can be caused is much greater that if you have just a regular user.
Before you do anything else, please read up on sql injection as the code you have written is a text book example.

Thank you guys. I got an output once i changed the authentication as 'windows authentication', But it doesn't work in sql authentication. Can you tell me the reason why? — John, May 27 '16 at 22:01

score 1 · Answer 2 · edited May 23 '17 at 12:15

Tested on Sql Server 2008 R2. As @etoisarobot says, configure the server as above to accept both SQL and Windows authentication. Someone who is an administrator (hopefully you) then connects using Windows authentication. Run this script to change sa password - that way you know you have the right password. Run this script:

ALTER LOGIN [sa] WITH PASSWORD='PickAPassword', CHECK_POLICY=OFF
GO
ALTER LOGIN [sa] ENABLE
GO

Restart 'Sql Server' service to make changes take effect. You should then be able to login as sa.

As others have stated, you should create a new login account other than sa with only the permissions they need eg datareader and datawriter. You don't want to give users permissions to change table structures etc.

Even more secure is to give only datareader permissions and grant execute on stored procedures. This link shows how: GRANT EXECUTE to all stored procedures.

You give up the ability use UPDATE, INSERT, DELETE statements and there is a bit of work to write stored procedures to do those updates. But you can then control how data is updated. You don't want users to be able to execute DELETE MyPreciousTable when they intended DELETE MyPreciousTable WHERE id = 123456789.

You can use GRANT and DENY commands as administrator to fine tune what outside users are allowed to do.

How to solve this error in ASP.NET

2 Answers2