Asp .net Web config file connection string with secured

Question

I have following connection string in my web application.

<add name="ApplicationDs" connectionString="Data Source=(localhost);Initial Catalog=DBName;User ID=XXX;Password=xxxxxxx;" providerName="System.Data.SqlClient"/>

For some security purpose , unable to put sql username and password directly in web.config file. If anything build in security option is available in asp .net to handle this.

Advice me

score 2 · Accepted Answer · answered Sep 27 '13 at 07:27

2

Use integrated security and run your web application with a user account you gave permissions to within your database.

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

for more connection string examples, find them here http://www.connectionstrings.com/sql-server-2012

answered Sep 27 '13 at 07:27

MichaC

13,104
2
44
56

Thanks.. Hi could you explain about Integrated Security=SSPI – bgs Sep 27 '13 at 14:49
http://stackoverflow.com/questions/1229691/difference-between-integrated-security-true-and-integrated-security-sspi – MichaC Sep 27 '13 at 14:51

score 1 · Answer 2 · answered Sep 27 '13 at 13:20

You might consider encrypting your connection string section. If the security issue is that the username and password cannot be exposed in clear text, then encryption might help/solve the issue.

For more information on web.config encryption, see this link.

Asp .net Web config file connection string with secured

2 Answers2