SQL Login Password Encryption

Question

SQL Login Password Encryption

sqlquery-101401

SSCarpal Tunnel

Points: 4951
More actions
March 3, 2010 at 8:42 pm

#386428

I have a requirement where my connection string in web.config of IIS will connect to SQL Server with SQL Login so i have to supply the password in the file to connect to sql server .
I dont want to expose the password in the web.config file ,How i can keep the encrypted form of the password in web.config and that should connect to SQL in normal way?
Thanks for your time....

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

Sarab_SQLChamp Hall of Fame Points: 3882 More actions · Answer 1

sqlquery-101401 (3/3/2010)
I have a requirement where my connection string in web.config of IIS will connect to SQL Server with SQL Login so i have to supply the password in the file to connect to sql server .
I dont want to expose the password in the web.config file ,How i can keep the encrypted form of the password in web.config and that should connect to SQL in normal way?
Thanks for your time....

never faced such a situation & not an expert in this but i think you should use application role.

Regards,
Sarabpreet Singh 😎
Sarabpreet.com
SQLChamp.com
Twitter: @Sarab_SQLGeek

Henrico Bekker One Orange Chip Points: 27652 More actions · Answer 2

Use SSPI in your web.config, and use an application role, where the ID & Pwd will be save and encrypted in SQL Server.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle

sqlquery-101401 SSCarpal Tunnel Points: 4951 More actions · Answer 3

sqlquery-101401

SSCarpal Tunnel

Points: 4951

March 4, 2010 at 9:06 am

#1128555

Thanks , can you please elaborate on SSPI part?

Henrico Bekker One Orange Chip Points: 27652 More actions · Answer 4

SSPI:

http://msdn.microsoft.com/en-us/library/aa380493(VS.85).aspx

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle