1

I am using impersonation for connecting SQL Server with domain user but we have to provide the password too. Is there any way we can connect to SQL Server without a password. My connection string is - 

<connectionStrings>
  <add name="connectionString" connectionString="Data Source=myServerAddress;Initial Catalog=myDataBase;Trusted_Connection=Yes" providerName="System.Data.SqlClient"/>
</connectionStrings>

<system.web>
<identity impersonate="true" userName="Domain\userName" password="password"/>
</system.web>

I am asking this question because security team does not want to keep passwords in web.config file (not in encrypted format). They have another tool which keeps the password for all the AD Accounts and from there we have to retrieve the password before connecting to SQL Server. How is it possible in ASP.net?

IDE - Visual Studio 2012 (Framework 4.0)

Thanks!

Bob R
  • 51
  • 9
  • You have a system that stores the passwords? Then why not grab the connection string template from the config file, grab the passwords from that system, insert them into the connection string, and off you go! Of course...why is your system storing passwords encrypted? Passwords should be one-way hashed. That shouldn't be reversible. – mason Jun 04 '18 at 18:46
  • Possible duplicate of [Connection String Using a Domain User?](https://stackoverflow.com/questions/9312853/connection-string-using-a-domain-user) – Hackerman Jun 04 '18 at 18:47
  • Yes, that tool name is TPAM. I think that's not possible in domain user scenario because how would asp.net application create the access token when we retrieve the password from that system and insert into connection string dynamically? – Bob R Jun 04 '18 at 19:12
  • @ Hackerman - No its not duplicate, I have gone thru that post last week. – Bob R Jun 04 '18 at 19:14
  • Add the AD user to the application's application pool. – WorkSmarter Jun 04 '18 at 19:45
  • 1
    @ WorkSmarter - For that also, we have to provide the password and how will application pool know the new password from TPAM dynamically? – Bob R Jun 04 '18 at 20:57
  • This question has been answered here https://stackoverflow.com/questions/9312853/sql-connection-string-using-a-domain-user – Loureiro Oct 07 '22 at 13:30

1 Answers1

-1

before even connecting you can basically add a button and when that event occur input a password use the password in the connection String field directly and you are good to go .

This might not be as it is as i just said depend upload the framework you are using but its a concept that can be very usefull if you can retype the password again and again .

Raja Osama
  • 133
  • 10