5

My application need to establish secure connection with SQL Server 2008. Having enabled 'Force Encryption' in server side, following is my connection string from my C# application.

Initial Catalog=emp_test;Persist Security Info=True;User ID=sa;Password=***;Data Source=172.21.70.94;Provider=SQLOLEDB;Use Encryption for Data=True;Trust Server Certificate=True;

I did not provision any certificate in server - Hence I gave Trust Server Certificate=True, so that self signed server certificate is not validated.

But the connection is not established with following error.

Database error: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

Without the two attributes related to security, it works fine.

What do I need to change to get this to work?

4

1 回答 1

7

使用SqlConnection对象有两个好处。首先,您可以确保正确构建连接字符串,因为您可以使用SqlConnectionStringBuilder类来构建它。其次,它比OLEDB快得多

要构建此连接字符串...

Initial Catalog=emp_test;Persist Security Info=True;User ID=sa;Password=***;Data Source=172.21.70.94;Provider=SQLOLEDB;Use Encryption for Data=True;Trust Server Certificate=True;

...使用SqlConnectionStringBuilder你会写一些这样的代码...

var builder = new SqlConnectionStringBuilder();
builder.DataSource = "172.21.70.94";
builder.Encrypt = true;
builder.TrustServerCertificate = true;
builder.InitialCatalog = emp_test;
builder.PersistSecurityInfo = true;
builder.UserID = "sa";
builder.Password = "***";

var connection = new SqlConnection(builder.ToString());

...该Encrypt属性在 .NET Framework 中保存此定义 ...

获取或设置一个布尔值,该值指示如果服务器安装了证书,SQL Server 是否对客户端和服务器之间发送的所有数据使用 SSL 加密。

...该TrustServerCertificate属性在 .NET Framework 中保存此定义 ...

获取或设置一个值,该值指示在绕过证书链验证信任时是否将加密通道。

所以我想说这是最安全的方法。您可以确保 .NET Framework 将正确构建连接字符串,并且您可以获得一组很好的定义,这些定义围绕这些属性对基于其定义的证书的含义。

现在,由于您也连接到 Oracle,因此最好的方法是继续建立 OLEDB 连接,因为您别无选择。但是两个连接都是一个IDbConnection,所以你只有一个工厂来建立正确的连接并返回一个IDbConnection.

这意味着您可以获得两全其美,对象的性能和易用性以及SqlConnection对象的抽象,IDbConnection因此您的代码不必更改。

于 2012-10-19T12:47:16.637 回答