I have a C# application in which I use EntityFramework. In my App.config file I got a Connection String, which contains server, database, User ID password and so forth. But when I run my application it ignores the User ID and uses Integrated Security, which I have set to False in the connectionstring.
So why is it that my application keeps using Integrated security? I can change User ID to anything and the application stil uses integrated security.
Connection string:
<add name="dbConString" connectionString="Server=dbServerName;Database=databaseName;User ID=sqlUserName; Password=sqlUserPassword; Integrated Security=false; TrustServerCertificate=True;Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
Code from my db context class:
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
base.OnConfiguring(optionsBuilder);
if (!optionsBuilder.IsConfigured)
{
optionsBuilder.UseSqlServer(ConfigurationManager.ConnectionStrings["dbConString"].ToString());
}
}
Fist of all, EF is an ORM, not a database driver. It doesn't connect to the database itself, it uses ADO.NET and the appropriate database driver.
Second, the connection string enforces Windows Authentication. Integrated Security is specified twice and the second setting overrides the first:
...Integrated Security=false; ...Integrated Security=SSPI;
To use SQL Server logins don't specify Integrated Security at all:
Server=dbServerName;Database=databaseName;User ID=sqlUserName; Password=sqlUserPassword; TrustServerCertificate=True;