aspnet2securityfaq0018 | Channel 9

Sign In

Subscribe Follow Us On Twitter

Return to
HomePage
ASPNET2SecurityFAQs

Question: How to do I use SQL authentication for connecting to SQL Server?

Answer:

If you cannot use Windows authentication to SQL Server, you must use SQL authentication.
To use SQL authentication:
* Use a least-privileged user ID to connect to SQL.
* Use a strong password for the SQL user account.
* Protect the channel between the Web server and database server because credentials are passed in an unencrypted format. For example, use SSL or IPSec.
* Protect the SQL connection string, which contains plaintext credentials.
If you connect to a SQL Server database using credentials (user name and password), your connection string looks like the following.

		 [SqlConnectionString] = "Server=YourServer\Instance;
		                      [Database=YourDatabase;uid=YourUserName;]
		                      pwd=YourStrongPassword;"

More Information

For more information on using SQL authentication for accessing SQL server, see “How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0.” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000010.asp
For more information on protecting database connection strings, see “How To; Encrypt Configuration Sections Using DPAPI” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000005.asp and “How TO: Encrypt Configuration Sections Using RSA” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000006.asp

Return to
HomePage
ASPNET2SecurityFAQs

- History
  
  Modified By: System
  
  Apr 30th, 2008 @ 11:11 AM
  
  Views (144)
- Share
  - Del.icio.us
  - Digg
  - FriendFeed
  - Facebook
Markup Quick Guide

*bold*

_italics_

+underline+

! Heading 1

!! Heading 2

* Bullet List

** Bullet List 2

# Number List

## Number List 2

[another wiki page]

[url:http://www.example.com]

[image:example.gif]

{"Do not apply formatting"}

Silverlight: Silverlight Test Driven Development – Part II
WindowsClient: Battery notification messages in Windows 7
Silverlight: The Weekly Source Code 49 - SmallBasic is Fun, Simple, Powerful Programming for Kids and Adults
WindowsClient: 24 Hour 50% off Deal on my Upcoming Manning Book: Silverlight in Action, Revised Edition
Channel 9: C9 Conversations: Yuri Gurevich - Abstraction, Algorithms and Mathematical Logic
TechNet Edge: February 2010 Security Bulletin Overview
Channel 9: PhizzPop Develop & Design Challenge
Silverlight: Quick FAQ on Visual Studio 2010 RC release (February 2010) and Silverlight development
Channel 10: 5 Bing Map Apps for the Winter Olympics
TechNet Edge: TechNet Radio: Visio 2010: Visio Services
WindowsClient: Tip: New .NET 4 String Function to Check for Empty Strings
WindowsClient: Microsoft announces commercial availability of Surface in Australia
WindowsClient: SmallestDotNet Update - Now with .NET 4 support and an includable JavaScript API
Silverlight: Answering A C# Question
Channel 9: Jason Zander: Visual Studio 2010 Release Candidate Released
Channel 9: Help Desk Episode 1 with Chris Pirillo (Pilot) - Show Notes
Mix Online: Design for tables
Channel 10: Bing and Winter Olympics
Channel 10: Use Your Zune Remote to Control Windows Media Center
WindowsClient: Query Continuations for nested collections in Data Services
close

Microsoft Communities