Trying to open a SqlConnection in a try..catch block and capturing the SqlException if the login fails is a way to validate sql login. The problem with this method that we're running into is that the SqlConnection object is pooled. That is, if I change
password for a sql login then we've run into a scenario where the both the old and the new password allow us to connect to the database. This is bad.
Is there a more graceful method of validating login on both sql 2000/2005?
ADO.NET has pooling turned on by default... You have to disable this feature.
SO in essence you have your connection being pooled so your old login is still there in a sense.
Check on Connection Pooling on MSDN.
Yes, after I set the Pooling = false on the connection string, the problem was resolved. Thanks!
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.