Question - How do I use SQL authentication for connecting to SQL server

J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Applies to

ASP.NET 2.0

Answer:

If you cannot use Windows authentication to SQL Server, you must use SQL authentication. To use SQL authentication:

Use a least-privileged user ID to connect to SQL.
Use a strong password for the SQL user account.
Protect the channel between the Web server and database server because credentials are passed in an unencrypted format. For example, use SSL or IPSec.
Protect the SQL connection string, which contains plaintext credentials.

If you connect to a SQL Server database using credentials (user name and password), your connection string looks like the following.

SqlConnectionString = "Server=YourServer\Instance;
                     Database=YourDatabase;uid=YourUserName;
                     pwd=YourStrongPassword;"

Additional Resources

For more information on using SQL authentication for accessing SQL server, see "How To: Connect to SQL Server Using SQL Authentication in ASP.NET 2.0." at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000010.asp
For more information on protecting database connection strings, see "How To; Encrypt Configuration Sections Using DPAPI" at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000005.asp
"How TO: Encrypt Configuration Sections Using RSA" at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000006.asp

Attributes

Author: J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Category: Data Access

filePath: ..\Libraries\patterns & practices Library\faq\e575c437-e82c-4d46-a6d6-0535eb183c45.xml

Pri: 2

Rule Type: Implementation

Source: patterns & practices Library

Status: Release

Technology: ASP.NET 2.0

Title: Question - How do I use SQL authentication for connecting to SQL server

Topic: Security

Type: Question and Answer

ID: e575c437-e82c-4d46-a6d6-0535eb183c45