Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

SqlClientPermission.Add Method

Adds a new connection string and a set of restricted keywords to the SqlClientPermission object.

Namespace:  System.Data.SqlClient
Assembly:  System.Data (in System.Data.dll)
public override void Add(
	string connectionString,
	string restrictions,
	KeyRestrictionBehavior behavior


Type: System.String

The connection string.

Type: System.String

The key restrictions.

Type: System.Data.KeyRestrictionBehavior

One of the KeyRestrictionBehavior enumerations.

Use this method to configure which connection strings are allowed by a particular permission object. For example, use the following code fragment if you want to only allow a specific connection string and nothing else:

permission.Add("server=MyServer; database=MyDatabase; Integrated Security=true", "", KeyRestrictionBehavior.AllowOnly)

The following example allows connection strings that use any database, but only on the server named MyServer, with any user and password combination and containing no other connection string keywords:

permission.Add("server=MyServer;", "database=; user id=; password=;", KeyRestrictionBehavior.AllowOnly)

The following example uses the same scenario as above but allows for a failover partner that can be used when connecting to servers configured for mirroring:

permission.Add("server=MyServer; failover partner=MyMirrorServer", "database=; user id=; password=;", KeyRestrictionBehavior.AllowOnly)


When using code access security permissions for ADO.NET, the correct pattern is to start with the most restrictive case (no permissions at all) and then add the specific permissions that are needed for the particular task that the code needs to perform. The opposite pattern, starting with all permissions and then trying to deny a specific permission, is not secure, because there are many ways of expressing the same connection string. For example, if you start with all permissions and then attempt to deny the use of the connection string "server=someserver", the string "server=someserver.mycompany.com" would still be allowed. By always starting by granting no permissions at all, you reduce the chances that there are holes in the permission set.

.NET Framework

Supported in: 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows Phone 8.1, Windows Phone 8, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.