예제 #1
0
        public static void DeleteLogin(string server, string userid, string password, string loginname)
        {
            //We cannot use parametrized query with DROP LOGIN so we need to check manually for sql injection.
            string invalidstring;

            if (!SqlInjectionHelper.InvalidChars(loginname, out invalidstring))
            {
                throw new Exception("The loginname contains some invalid parts. " + invalidstring);
            }

            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();

            builder.UserID         = userid;
            builder.DataSource     = server;
            builder.Password       = password;
            builder.InitialCatalog = "master";

            using (SqlConnection conn = new SqlConnection(builder.ConnectionString))
            {
                conn.Open();

                using (SqlCommand command = new SqlCommand("DROP LOGIN [" + loginname + "]", conn))
                {
                    command.ExecuteNonQuery();
                }
            }
        }
        public static void CreateUser(string server, string catalog, string userid, string password, string username, string login)
        {
            //We cannot use parametrized query with CREATE USER so we need to check manually for sql injection.
            string invalidstring;

            if (!SqlInjectionHelper.InvalidChars(username, out invalidstring))
            {
                throw new Exception("The username contains some invalid parts. " + invalidstring);
            }

            if (!SqlInjectionHelper.InvalidChars(login, out invalidstring))
            {
                throw new Exception("The login contains some invalid parts. " + invalidstring);
            }

            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();

            builder.UserID         = userid;
            builder.DataSource     = server;
            builder.Password       = password;
            builder.InitialCatalog = catalog;

            var databases = new List <Database>();

            using (SqlConnection conn = new SqlConnection(builder.ConnectionString))
            {
                conn.Open();

                using (SqlCommand command = new SqlCommand("CREATE USER " + username + " FOR LOGIN " + login, conn))
                {
                    command.ExecuteNonQuery();
                }
            }
        }