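/// <summary>
/// Drops a SQL Server login by opening a connection to the <c>master</c> catalog
/// and executing a <c>DROP LOGIN</c> statement.
/// </summary>
/// <param name="server">Data source (server) to connect to.</param>
/// <param name="userid">User id used to open the connection.</param>
/// <param name="password">Password used to open the connection.</param>
/// <param name="loginname">
/// Bare name of the login to drop. Pass it without delimiters; this method adds the
/// square brackets itself.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="loginname"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <c>SqlInjectionHelper.InvalidChars</c> returned false for <paramref name="loginname"/>.
/// </exception>
public static void DeleteLogin(string server, string userid, string password, string loginname)
{
    if (loginname == null)
    {
        throw new ArgumentNullException("loginname");
    }

    // DROP LOGIN takes an identifier, not a value, so the name cannot be bound as a
    // SqlParameter. It is screened here and delimited before it reaches the statement.
    string invalidstring;
    if (!SqlInjectionHelper.InvalidChars(loginname, out invalidstring))
    {
        throw new ArgumentException("The loginname contains some invalid parts. " + invalidstring);
    }

    // Second layer of defence: inside a bracket-delimited identifier the only character
    // that can end the identifier is ']', and doubling it keeps it part of the name.
    // This holds even if the screening helper (not shown here) lets a ']' through.
    string quotedLogin = "[" + loginname.Replace("]", "]]") + "]";

    SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder
    {
        UserID = userid,
        DataSource = server,
        Password = password,
        InitialCatalog = "master"
    };

    using (SqlConnection conn = new SqlConnection(builder.ConnectionString))
    {
        conn.Open();
        using (SqlCommand command = new SqlCommand("DROP LOGIN " + quotedLogin, conn))
        {
            command.ExecuteNonQuery();
        }
    }
}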
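/// <summary>
/// Creates a database user mapped to an existing login by connecting to
/// <paramref name="catalog"/> and executing <c>CREATE USER ... FOR LOGIN ...</c>.
/// </summary>
/// <param name="server">Data source (server) to connect to.</param>
/// <param name="catalog">Initial catalog (database) in which the user is created.</param>
/// <param name="userid">User id used to open the connection.</param>
/// <param name="password">Password used to open the connection.</param>
/// <param name="username">
/// Bare name of the user to create. Pass it without delimiters; this method adds the
/// square brackets itself.
/// </param>
/// <param name="login">
/// Bare name of the login the user is mapped to. Pass it without delimiters.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="username"/> or <paramref name="login"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// <c>SqlInjectionHelper.InvalidChars</c> returned false for <paramref name="username"/>
/// or <paramref name="login"/>.
/// </exception>
public static void CreateUser(string server, string catalog, string userid, string password, string username, string login)
{
    if (username == null)
    {
        throw new ArgumentNullException("username");
    }

    if (login == null)
    {
        throw new ArgumentNullException("login");
    }

    // CREATE USER takes identifiers, not values, so neither name can be bound as a
    // SqlParameter. Both are screened here and delimited before they reach the statement.
    string invalidstring;
    if (!SqlInjectionHelper.InvalidChars(username, out invalidstring))
    {
        throw new ArgumentException("The username contains some invalid parts. " + invalidstring);
    }

    if (!SqlInjectionHelper.InvalidChars(login, out invalidstring))
    {
        throw new ArgumentException("The login contains some invalid parts. " + invalidstring);
    }

    // The statement used to splice both names in undelimited, so its safety rested
    // entirely on the screening helper (not shown here). Bracket-delimit them, as
    // DeleteLogin does for its login name, and double any ']' so a name can never
    // close its own delimiter.
    string quotedUser = "[" + username.Replace("]", "]]") + "]";
    string quotedLogin = "[" + login.Replace("]", "]]") + "]";

    SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder
    {
        UserID = userid,
        DataSource = server,
        Password = password,
        InitialCatalog = catalog
    };

    using (SqlConnection conn = new SqlConnection(builder.ConnectionString))
    {
        conn.Open();
        using (SqlCommand command = new SqlCommand("CREATE USER " + quotedUser + " FOR LOGIN " + quotedLogin, conn))
        {
            command.ExecuteNonQuery();
        }
    }
}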