Database Reference
In-Depth Information
While this information isn't critical to connect to SQL Azure it's good information to have so you
know how REST services work and can benefit from its functionality in your application. While this
chapter did not go deep into the Entity Framework or REST technology, there are plenty of good topics
by APress or information on MSDN about this technology. I highly recommend that you explore these
technologies further to enhance your SQL Azure applications.
Azure Programming Considerations
To wrap up this chapter, let's spend a few minutes talking about some things you should consider
when developing applications for the cloud. You spend a large portion of this chapter discussing how to
connect to SQL Azure, but even before you start coding the very first thing you should consider is your
connection. First and foremost, secure your connection string from injection attacks and man-in-the-
middle attacks. The .NET Framework provides a simple class in which to create and manage the
contents of connection strings used by the SqlConnection class. This class is called the
SqlConnectionStringBuilder class.
The following example illustrates how to use this class. I first define four static variables to hold the
username, password, database name and server:
private static string userName = "SQLScott@
server
";
private static string userPassword =
password
;
private static string dataSource = "tcp:
server
.database.windows.net";
private static string dbName = "TechBio";
I then modify my GetConString method to use the SqlConnectionStringBuilder class to dynamically
build my connection string:
string GetConString(int connType)
{
if (connType == 1)
SqlConnectionStringBuilder connstr = new SqlConnectionStringBuilder();
connstr.DataSource = dataSource;
connstr.InitialCatalog = dbName;
connstr.Encrypt = true;
connstr.TrustServerCertificate = false;
connstr.UserID = userName;
connstr.Password = userPassword;
return connstr.ToString();
…
}
Thus, consider the following when connecting to a SQL Azure database.
•
Use the SqlConnectionStringBuilder class to avoid injection attacks.
•
Encrypt your connection. Set the Encrypt parameter to True and the
TrustServerCertificate to False to ensure a properly encrypted connection to avoid
any man-in-the-middle attacks.
Use MARS (Multiple Active Results Sets) whenever possible to lessen the trips to
the database.
Lastly, let's discuss some connection constraints. You discussed these previously briefly but in bears
repeating them because you're discussing SQL Azure connections. The idea is that Azure is handling the
connections, and because multiple resources will more than likely using the same server as you, the last
thing Microsoft want is for you to hog all the resources and bring the server to its knees. Thus, your
•
