This application is fully compatible with:
- β Windows Server 2016
- β Windows Server 2019
- β Windows Server 2022
- β Windows Server 2025
- β Windows 10/11 (desktop)
The application is built with multi-targeting to support both old and new systems:
<TargetFrameworks>net48;net8.0-windows</TargetFrameworks>This means when you build, you get TWO versions:
- net48 build - For Windows Server 2016/2019 (.NET Framework 4.8)
- net8.0 build - For Windows Server 2022/2025+ (.NET 8)
| Operating System | Use This Build | Location |
|---|---|---|
| Windows Server 2016 | net48 | bin\Release\net48\ |
| Windows Server 2019 | net48 | bin\Release\net48\ |
| Windows Server 2022 | net8.0 (preferred) or net48 | bin\Release\net8.0-windows\ |
| Windows Server 2025 | net8.0 | bin\Release\net8.0-windows\ |
The application uses automatic security upgrades:
#if NET48
// .NET Framework 4.8 - Uses AES-256 encryption
var encrypted = ProtectedData.Protect(bytes, entropy, DataProtectionScope.CurrentUser);
#else
// .NET 8+ - Automatically uses latest Windows cryptographic providers
var encrypted = ProtectedData.Protect(bytes, entropy, DataProtectionScope.CurrentUser);
#endifWhat This Means:
- On Server 2016: Uses AES-256 with .NET Framework 4.8
- On Server 2022+: Automatically upgrades to latest Windows crypto APIs
- No code changes needed - just rebuild and deploy!
β Connection String Encryption
- Uses Windows DPAPI (Data Protection API)
- AES-256 minimum
- Automatically upgrades when Windows updates crypto libraries
β Password Hashing
- SHA-256 on .NET Framework 4.8
- SHA-512 on .NET 8+
- Automatic upgrade when rebuilt on newer framework
β Secure Storage
- Encrypted connection strings on disk
- Per-user encryption (DPAPI CurrentUser scope)
- Can't be decrypted by other users
β Connection String Validation
- Checks for security best practices
- Warns about weak passwords
- Flags insecure settings
β TLS/SSL Support
- Supports encrypted SQL connections
- Certificate validation
- Modern TLS versions
Required:
- .NET Framework 4.8
- Download: https://dotnet.microsoft.com/download/dotnet-framework/net48
- Usually pre-installed on Server 2019+
- Must install on Server 2016
Check if installed:
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" | Select-Object Release, VersionShould show Release >= 528040 (that's 4.8)
Recommended:
- .NET 8 Desktop Runtime
- Download: https://dotnet.microsoft.com/download/dotnet/8.0
- Choose "Desktop Runtime" (includes WPF)
Or use .NET Framework 4.8 build (works but less secure)
# Build the net48 version
dotnet build -c Release -f net48
# Deploy these files
SqlMonitorUI\bin\Release\net48\*.*To the server:
- Copy entire
net48folder to server - Run
SqlMonitorUI.exe - Done!
No .NET installation needed if .NET Framework 4.8 already on server
# Build the net8.0 version
dotnet build -c Release -f net8.0-windows
# Deploy these files
SqlMonitorUI\bin\Release\net8.0-windows\*.*To the server:
- Install .NET 8 Desktop Runtime
- Copy
net8.0-windowsfolder to server - Run
SqlMonitorUI.exe
# Publish as self-contained for Server 2016
dotnet publish -c Release -f net48 -r win-x64 --self-contained true
# OR for modern servers
dotnet publish -c Release -f net8.0-windows -r win-x64 --self-contained trueThis includes everything - no need to install .NET!
// Good - Encrypted
Server=sql01;Database=master;Integrated Security=true;Encrypt=true;TrustServerCertificate=false;
// Better - Encrypted with cert validation
Server=sql01;Database=master;Integrated Security=true;Encrypt=true;The app includes SecureConnectionStorage:
var storage = new SecureConnectionStorage();
// Save encrypted
storage.SaveConnection("Production", "Server=sql01;...");
// Load (automatically decrypted)
var connStr = storage.LoadConnection("Production");// Preferred - Windows Auth
Server=sql01;Database=master;Integrated Security=true;
// Avoid - SQL Auth (if possible)
Server=sql01;Database=master;User Id=sa;Password=weak;var validation = SecurityService.ValidateConnectionString(connStr);
if (!validation.IsValid)
{
foreach (var error in validation.Errors)
Console.WriteLine($"Error: {error}");
}
foreach (var warning in validation.Warnings)
Console.WriteLine($"Warning: {warning}");| Feature | net48 (Server 2016) | net8.0 (Server 2022+) |
|---|---|---|
| Encryption | AES-256 | Latest Windows Crypto |
| Hashing | SHA-256 | SHA-512 |
| TLS | 1.2+ | 1.3+ |
| Certificate Validation | β Yes | β Yes |
| DPAPI | β Yes | β Yes (newer) |
| Auto-Upgrade | β No | β Yes (when Windows updates) |
-
You build on Server 2016:
- Uses .NET Framework 4.8
- Gets SHA-256, AES-256
- Secure, industry standard
-
You rebuild on Server 2022:
- Uses .NET 8
- Automatically gets SHA-512
- Uses newest Windows crypto providers
- No code changes!
-
Future (Server 2029?):
- Rebuild with .NET 12
- Automatically uses newest crypto
- Legacy builds still work
In the .csproj files:
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.*" />The 5.* means:
- Always get latest 5.x version when you build
- Includes latest security patches
- Automatic CVE fixes
- No code changes needed
Rebuild when:
- β New .NET version released
- β Major Windows Server update
- β Security vulnerability announced
- β Moving to newer servers
Don't need to rebuild for:
- β Minor Windows updates
- β SQL Server updates
- β Data-only changes
# Check .NET Framework version
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse |
Get-ItemProperty -Name Version,Release -EA 0 |
Where { $_.Version -like "4.*" }
# Run the app
.\SqlMonitorUI.exe
# Check encryption info
# (App will show which framework and crypto it's using)# Check .NET version
dotnet --list-runtimes
# Run the app
.\SqlMonitorUI.exe
# Verify using modern crypto
# (Should show .NET 8, SHA-512)Server 2016:
- Install .NET Framework 4.8
- Use the net48 build
Server 2022:
- Install .NET 8 Desktop Runtime
- Or use net48 build (works too)
Solution: Use self-contained deployment:
dotnet publish -c Release -f net48 --self-contained trueCause: Usually DPAPI key issues
Solution:
- Run as the same user
- Check user profile loaded
- Verify Windows user permissions
This is good! The app caught a security issue.
Solution:
- Read the error message
- Fix the connection string
- Re-validate
- Choose target framework (net48 for old servers, net8.0 for new)
- Build in Release mode
- Test on target server OS
- Verify .NET runtime installed (if not self-contained)
- Test connection string encryption
- Validate security warnings
- Document which build you deployed
- Plan rebuild schedule (yearly recommended)
This application meets:
β NIST Cybersecurity Framework
- Uses AES-256 minimum
- SHA-256 minimum hashing
- Encrypted data at rest
β Microsoft Security Guidelines
- Uses DPAPI for secrets
- Validates connection strings
- No plaintext password storage
β PCI DSS Relevant Controls
- Encrypted cardholder data
- Strong cryptography
- Secure key management (Windows DPAPI)
β Auto-Upgrade Path
- Can upgrade crypto without code changes
- Package auto-updates
- Framework conditional compilation
- Use the newest framework you can for your environment
- Rebuild annually to get latest security patches
- Test on target OS before deploying
- Use Windows Authentication when possible
- Encrypt SQL connections in production
- Store connection strings encrypted
- Monitor security advisories for .NET and SQL Client
- Document your build (which framework, which packages)
β
Compatible: Server 2016, 2019, 2022, 2025
β
Secure: Auto-upgrading encryption and hashing
β
Flexible: Multi-target builds for all environments
β
Enterprise: DPAPI, validation, secure storage
β
Future-Proof: Rebuild = automatic security upgrade
Deploy with confidence! π