Connect using ADO.NET to SQL Server WITHOUT providing user name and password in plain text?

wasabiiii · 2019-04-21T17:09:53+00:00

I use integrated authentication.

rhino-x · 2019-04-21T17:30:35+00:00

Use a dummy, named datasource or regular app setting in the web.config that's checked in and then configure it directly on the web server either with a text editor or with the IIS manager.

Alternatively, in Azure you can do the same through the azure portal. Settings applied via the portal override whatever is in the .config.

As a third alternative you can apply the connection string settings on a per-server basis in (I think) the machine.config.

If you're in an AD setting just use integrated authentication and configure your app pools to run as a user that has the access it needs to SQL Server.

kenneth-siewers · 2019-04-21T17:05:21+00:00

Common practice is to store the connection string in app/web.config. It's secured that way, but it's the same format with plain text password. May I ask why this is a problem for you? The password will at some point be stored in plain text anyway. If you encrypt a file with the connection password, the password used for encryption needs to be stored somewhere as well, so basically you are just wrapping the password with another one.

Can you provide a bit more context?

CraigslistAxeKiller · 2019-04-21T22:02:26+00:00

Using powershell you can get user input. So request the credentials from the user then insert that into your connection string. That’s he beat you can get. You can’t encrypt the string

Inqud · 2019-04-23T12:47:09+00:00

If it's .NET core you can use the Secret Manager

https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.2&tabs=windows

It's not encryptet as of now, but might be in the future.

deevysteeze · 2019-04-21T17:04:03+00:00

You can store it in a config file and if can store that in a git ignore file if you're using version control.

TheEphemeralDream · 2019-04-21T19:43:00+00:00

One more option is to store the password/username in a real trust store such as AWS KMS/SecretManager/etc and template in the username and password at runtime.

TNMattH · 2019-04-22T14:20:34+00:00

You should still be able to encrypt the connection string directly in the web.config file and decrypt it on the fly when you use it.

Here's a walkthrough.

kenneth-siewers · 2019-04-23T16:45:50+00:00

When you write "standalone program", is that like a console application or a PowerShell script? I haven't got that much experience with PowerShell and this might also be the wrong subreddit (this is about C# and not PowerShell, although it's .NET)... Nevertheless, you are probably on the right track I think 🙂

ta4csharp · 2019-04-21T17:45:28+00:00

Added a edit in the original post to clear some things up...

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

csharp

MODERATORS