How do I convert this connection string to use integrated security?

sql-server sql-server-2008 connection-string integrated-security
dotnetnoob picture dotnetnoob · Mar 27, 2013 · Viewed 7.5k times · Source

I'm very much learning about SQL as I'm going along. Visual Studio makes it very easy to get the basics done, but now I want to publish a site, and I need some advice with regards to SQL security.

This is my connection string:

<add name="MyConnectionString"
  providerName="System.Data.EntityClient"
  connectionString="metadata=
  res://*/;
  provider=System.Data.SqlClient;
  provider connection string='
  Data Source=localhost;
  Initial Catalog=MyDb;
  Integrated Security=False;
  User Id=MyUser;
  Password=MyPassword;
  MultipleActiveResultSets=True'" />

As you can see, this does not use integrated security and exposes a user name and password in the web.config file. I understand that this is probably not the best solution, but I'm at a loss to what is.

I have 3 questions:

  1. Is this an acceptable practice for a production website?
  2. How would I convert the connection string to use integrated security?
  3. What else would I need to do on the server to ensure integrated security worked?

Thanks in advance.

Answer

usr picture usr · Mar 27, 2013
  1. Yes. Integrated security is very convenient from an admin standpoint. It also seems quite secure to me.
  2. I'm going to refer you to other, preexisting material on that: http://www.connectionstrings.com/
  3. You need to create a Windows-based login inside of SQL Server and add the proper rights to it. The GUI makes this very easy.

Make sure, that the Windows user's password does not expire (enforce password policy = no).

Related questions

How to find SQL Server running port?

Yes I read this How to find the port for MS SQL Server 2008? no luck. telnet 1433 returns connection failed, so I must specify other port. I tried to use netstat -abn but I don't see sqlservr.exe or something similar …

Read More
A network-related or instance-specific error occurred while establishing a connection to SQL Server

I deployed my asp.net web application on somee.com, whenever I login into this site (ipc.somee.com) it gives me a network related error like: A network-related or instance-specific error occurred while establishing a connection to SQL Server. …

Read More
How can I get column names from a table in SQL Server?

I want to query the name of all columns of a table. I found how to do this in: Oracle MySQL PostgreSQL But I also need to know: how can this be done in Microsoft SQL Server (2008 in my case)?

Read More