0

I have a web app (SPA) with React as front-end and ASP.NET Core as backend. It is working fine on my desktop using SQL Server 2017 localdb with Windows authentication.

I want to use SQL Server authentication with username and password because the app will be distributed among clients at different locations and we want to restrict the users from directly accessing the database for our business logic.

The connection string is embedded in the C# code in the datacontext.cs file so that they may not access the data of database on their machines.

The user should not be able to connect to the database using SQL Server Management Studio (SSMS) using Windows authentication (which is not intended).

Using SQL Server authentication in the connection string results in an error

login failed for the user ...

Some friends suggest to use SQL Server Express edition and "mixed mode" i.e. SQL Server and Windows authentication instead of localdb to resolve the issue.

Thanks in advance for your help.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Fiaz Ahmed Ranjha
  • 245
  • 1
  • 6
  • 22
  • _the connection string is embeded in c# code in datacontext.cs file so that they may not access the data of database on their machines._ Well, that's not secure. Anyone with .NET Reflector or dotPeek will be able to see that with little effort, or WSL users with the `strings` command. – AlwaysLearning Nov 24 '21 at 09:21
  • Hi @AlwaysLearning thanks for pointing out security flaw .so I try to workaround using online registration or other. – Fiaz Ahmed Ranjha Nov 24 '21 at 09:23

1 Answers1

1

Some friends suggest to use SQL Server Express edition and "mixed mode" i.e. SQL Server and Windows authentication

Listen to your friends. "SQL Server authentication with username and password " is disabled unless you Change the Server Authentication Mode

David Browne - Microsoft
  • 80,331
  • 6
  • 39
  • 67