-1

Is there some way by which i can hardcode the username and password in my code for windows authentication in c# ?

I am making a connection like below :

SqlConnection conn = new SqlConnection("Data Source=mydb.net;Initial Catalog=MyDatamart;Integrated Security=SSPI");
string selectSQL = "select * from myTable";
SqlCommand cmd = new SqlCommand(selectSQL, conn);

The database which I am accessing has Windows authentication enabled.Is there someway I can hardcode my username and password to the code so that anyone (even someone who doesn't have access to the db ) can access the db when they run my code?

bishnu
  • 49
  • 1
  • 11
  • Move the connection string to configuration file. – Kurubaran May 06 '15 at 11:19
  • 1
    Kurubaran- How will that help ? Don't we move connection strings to web.config when we need to use it multiple times ? I am using this only once – bishnu May 06 '15 at 11:26

1 Answers1

0

Yes, you can, but no, you shouldn't. The entire idea behind Windows authentication is to hide username and password so it is secure. It always uses the current logged-in Windows user as connecting user.

You can use some ways of impersonating the application user, providing it a username and password.

The best post I have used can be found here: How do you do Impersonation in .NET?.

Community
  • 1
  • 1
Patrick Hofman
  • 153,850
  • 22
  • 249
  • 325