Remove examples that show insecure practices (dotnet#10435)

Author: gewarren

includes/forms-auth-warning.md

@@ -0,0 +1,2 @@
+> [!WARNING]
+> Storing user credentials in the `credentials` section is **insecure**. Instead, use [Azure Key Vault](/azure/key-vault/general/overview).

includes/ropc-warning.md

@@ -0,0 +1,2 @@
+> [!WARNING]
+> Microsoft does not recommend providing your user name and password directly, because it's an insecure pattern. Where possible, use more secure authentication flows, such as [Managed Identities for Azure resources](/sql/connect/ado-net/sql/azure-active-directory-authentication#using-managed-identity-authentication), or [Windows authentication](/sql/relational-databases/security/choose-an-authentication-mode#connecting-through-windows-authentication) for SQL Server.

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlCommand.ExecuteReader Example/CS/Project.csproj

@@ -2,11 +2,11 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
-  
+
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
-  
+
 </Project>

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlCommand.ExecuteReader2/CS/Project.csproj

@@ -1,12 +1,12 @@
 <Project Sdk="Microsoft.NET.Sdk">
-  
+
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
-  
+
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
-  
+
 </Project>

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlConnection.BeginTransaction Example/CS/Project.csproj

@@ -2,11 +2,11 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
 
-</Project>
+</Project>

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlConnection.BeginTransaction2 Example/CS/Project.csproj

@@ -2,11 +2,11 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
 
-</Project>
+</Project>

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlConnection.BeginTransaction3 Example/CS/Project.csproj

@@ -2,11 +2,11 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
 
-</Project>
+</Project>

snippets/csharp/VS_Snippets_ADO.NET/Classic WebData SqlDataReader.Read Example/CS/SqlDataReader.Read.csproj

@@ -2,12 +2,11 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
-    <Nullable>enable</Nullable>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.3" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
   </ItemGroup>
 
 </Project>

snippets/csharp/VS_Snippets_ADO.NET/DataWorks SqlConnectionStringBuilder.Remove/CS/Project.csproj

@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
+  </ItemGroup>
+
+</Project>

snippets/csharp/VS_Snippets_ADO.NET/DataWorks SqlConnectionStringBuilder.Remove/CS/source.cs

@@ -10,38 +10,29 @@ static void Main()
         try
         {
             string connectString =
-                "Data Source=(local);User ID=ab;Password= a1Pass@@11;" +
+                "Data Source=(local);User ID=ab;Password=myPassw0rd;" +
                 "Initial Catalog=AdventureWorks";
 
-            SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder(connectString);
-            Console.WriteLine("Original: " + builder.ConnectionString);
+            SqlConnectionStringBuilder builder = new(connectString);
+            Console.WriteLine($"Original: {builder.ConnectionString}");
 
-            // Use the Remove method
-            // in order to reset the user ID and password back to their
-            // default (empty string) values.
+            // Remove the User ID and Password.
             builder.Remove("User ID");
             builder.Remove("Password");
 
-            // Turn on integrated security:
+            // Enable integrated security.
             builder.IntegratedSecurity = true;
 
-            Console.WriteLine("Modified: " + builder.ConnectionString);
-
-            using (SqlConnection
-                       connection = new SqlConnection(builder.ConnectionString))
-            {
-                connection.Open();
-                // Now use the open connection.
-                Console.WriteLine("Database = " + connection.Database);
-            }
+            Console.WriteLine($"Modified: {builder.ConnectionString}");
         }
         catch (Exception ex)
         {
             Console.WriteLine(ex.Message);
         }
-
-        Console.WriteLine("Press any key to finish.");
-        Console.ReadLine();
     }
 }
+/* This code example produces the following output:
+ * Original: Data Source=(local);Initial Catalog=AdventureWorks;User ID=ab;Password=myPassw0rd
+ * Modified: Data Source=(local);Initial Catalog=AdventureWorks;Integrated Security=True
+ */
 // </Snippet1>

snippets/csharp/VS_Snippets_ADO.NET/DataWorks SqlConnectionStringBuilder/CS/Project.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net4.8</TargetFramework>
+    <LangVersion>11</LangVersion>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
+  </ItemGroup>
+
+</Project>

snippets/csharp/VS_Snippets_ADO.NET/DataWorks SqlConnectionStringBuilder/CS/source.cs

@@ -1,56 +1,37 @@
-
-
-using System;
-// <Snippet1>
-using System.Data;
+using System;
 using System.Data.SqlClient;
 
 class Program
 {
     static void Main()
     {
+        // <Snippet1>
         // Create a new SqlConnectionStringBuilder and
         // initialize it with a few name/value pairs.
-        SqlConnectionStringBuilder builder =
-            new SqlConnectionStringBuilder(GetConnectionString());
+        SqlConnectionStringBuilder builder = new(
+            "Server=(local);Integrated Security=true;" +
+            "Initial Catalog=AdventureWorks"
+            );
 
         // The input connection string used the
         // Server key, but the new connection string uses
         // the well-known Data Source key instead.
-        Console.WriteLine(builder.ConnectionString);
-
-        // Pass the SqlConnectionStringBuilder an existing
-        // connection string, and you can retrieve and
-        // modify any of the elements.
-        builder.ConnectionString = "server=(local);user id=ab;" +
-            "password= a!Pass113;initial catalog=AdventureWorks";
+        Console.WriteLine($"Original connection string: '{builder.ConnectionString}'");
 
         // Now that the connection string has been parsed,
         // you can work with individual items.
-        Console.WriteLine(builder.Password);
-        builder.Password = "new@1Password";
+        Console.WriteLine($"Initial catalog: '{builder.InitialCatalog}'");
+        builder.InitialCatalog = "Northwind";
         builder.AsynchronousProcessing = true;
 
         // You can refer to connection keys using strings,
         // as well. When you use this technique (the default
         // Item property in Visual Basic, or the indexer in C#),
-        // you can specify any synonym for the connection string key
-        // name.
+        // you can specify any synonym for the connection string key name.
         builder["Server"] = ".";
         builder["Connect Timeout"] = 1000;
         builder["Trusted_Connection"] = true;
-        Console.WriteLine(builder.ConnectionString);
-
-        Console.WriteLine("Press Enter to finish.");
-        Console.ReadLine();
-    }
-
-    private static string GetConnectionString()
-    {
-        // To avoid storing the connection string in your code,
-        // you can retrieve it from a configuration file.
-        return "Server=(local);Integrated Security=SSPI;" +
-            "Initial Catalog=AdventureWorks";
+        Console.WriteLine($"Modified connection string: '{builder.ConnectionString}'");
+        // </Snippet1>
     }
 }
-// </Snippet1>

snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.AuthenticationSection/CS/Project.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net4.8</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Web" />
+  </ItemGroup>
+
+</Project>

snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.AuthenticationSection/CS/authenticationsection.cs

@@ -1,61 +1,52 @@
 using System;
-using System.Configuration;
-using System.Web.Configuration;
 using System.Web;
+using System.Web.Configuration;
 
 namespace Samples.AspNet.Configuration
 {
-
     class UsingAuthenticationSection
     {
-         public static void Main()
-         {
- 
+        public static void Main()
+        {
             // <Snippet1>
             // Get the Web application configuration.
             System.Configuration.Configuration configuration =
-                System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(
+                WebConfigurationManager.OpenWebConfiguration(
                 "/aspnetTest");
 
-            // Get the section.
+            // Get the authentication section.
             AuthenticationSection authenticationSection =
                 (AuthenticationSection)configuration.GetSection(
                 "system.web/authentication");
-
             // </Snippet1>
 
             // <Snippet2>
-            AuthenticationSection newauthenticationSection = 
+            AuthenticationSection newauthenticationSection =
                 new AuthenticationSection();
-
             // </Snippet2>
 
             // <Snippet3>
             // Get the current Passport property.
-            PassportAuthentication currentPassport = 
+            PassportAuthentication currentPassport =
                 authenticationSection.Passport;
 
             // Get the Passport redirect URL.
-            string passRedirectUrl = 
-                currentPassport.RedirectUrl;
-
+            string passRedirectUrl = currentPassport.RedirectUrl;
             // </Snippet3>
 
             // <Snippet4>
             // Get the current Mode property.
-            AuthenticationMode currentMode = 
+            AuthenticationMode currentMode =
                 authenticationSection.Mode;
 
             // Set the Mode property to Windows.
-            authenticationSection.Mode = 
+            authenticationSection.Mode =
                 AuthenticationMode.Windows;
-
             // </Snippet4>
 
             // <Snippet5>
             // Get the current Forms property.
-            
-            FormsAuthenticationConfiguration currentForms = 
+            FormsAuthenticationConfiguration currentForms =
                 authenticationSection.Forms;
 
             // Get the Forms attributes.
@@ -71,8 +62,7 @@ public static void Main()
             FormsProtectionEnum protection = currentForms.Protection;
             string defaultUrl = currentForms.DefaultUrl;
             string domain = currentForms.Domain;
-
             // </Snippet5>
         }
-    } 
+    }
 }

snippets/csharp/VS_Snippets_WebNet/System.Web.Configuration.FormsAuthenticationConfiguration/CS/Project.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net4.8</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Web" />
+  </ItemGroup>
+
+</Project>