You don't want to do it this way. Even with obfuscation your database will be gone in a week. Its easy to reflect .net code. Instead use web requests and send values to the website via URL, then in the php use the get method and write each value to the appraise place.

RDCAx wrote You don't want to do it this way. Even with obfuscation your database will be gone in a week. Its easy to reflect .net code. Instead use web requests and send values to the website via URL, then in the php use the get method and write each value to the appraise place.

Would it be better to just create a login system via my Forum ?

Best and most secure way is to make a php script that has database access and have it check username and password against the database values, and if the details are correct, the the script echo true, if not, echo false. Then use a webrequest to see what the script returns and if it returns true, then log the user in on your program, else don,t log them in.

Rule one about making a login is never login via the app, due to how you have to login, the Username and Password for the database has to be sent to be authenticated, then to check the Username and Password for the clients account. This can be hacked and the credentials captured so very easily.

There are many ways of making a login, some more secure than others. If I was going to make a login for a forum (IPB for example) I would make a custom application and add a module to handle the clients details, additionally using an IPB application you don't need to manually search for anything, its all done in the IPSMember class (IPSMember::load('')), or you could set up a seperate PHP script too use the global configuration PHP page that is generated by IPB and do a search manually, now this is all good, but you are probably going to return some data like the clients UserGroup, VIP or not and if their Username and Password specified was correct (or not), if this data was sent back in plain text a hacker could easily change the responce to look and parse geniune but it has been hacked, not good. To make it so the responce from the server can not be tampered with many methods can be used, RSA (The best in my opinion for signing data, but heavy) AES (Very good encryption method, using two kes making it even longer to brute force, plus very easy to code PHP and App side) RC4 (Really is only good if you are doing not very private information, for example to decrypt the data, you encrypt the data again and it gives you plain text) All these methods can be used with PHP and C# (some more easier than others).

There are also other aspects to think of as well, for one if the user was a genuine VIP, then their VIP account runs out, they can change their responce from the server to what it was when their account had VIP, this is a challenge which is faced by many people, a solution I came across was too either use RSA and make it unhackable, but RSA is pretty heavy at encrypting, or make the data time out at decrypting (using a timed AES key), this all takes time and research, but if you are willing too do it and keep your server protected it will be well worth it.

I did write this very quickly before going to work, so please excuse some typo(s) and or grammar mistakes.