c# SQL secure authentication between client and SQL server when not using integrated security

Ask a question

Monday, March 18, 2013 12:06 AM

0

Thanks in Advance,

I need to find the relivant documenation that describes the nature of the connection between a client and server for a SQL connection when SQL authentication is used. I'm not asking how to protect the password at the client end, but what happens when connection occurs. Will the SqlConnection class containing the userID and password in the connection string send this over the network in plain text?
- Reply
- Quote

All Replies

Monday, March 18, 2013 8:42 AM

Moderator

0
Hello,

If a connection string is built in the application , it is sent to the SQL Server and so visible on the network ( if the Integrated Security is set to true, the user and password are not visible after the connection is established )

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnectionstringbuilder.integratedsecurity.aspx

Please, could you tell us the version of your .Net Framework (3.5,4.0,4.5) and of your SQL Server ( 2005,2008,2008 R2,2012 + last installed service pack ) ?

I have found http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcredential.aspx but it only for .Net Framework 4.5

Interesting is : "SqlCredential is comprised of a user id and a password that will be used for SQL Server Authentication. The password in a SqlCredential object is of type SecureString"

see http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.credential.aspx

For SQL Server 2008 and 2008 R2 , the SMO documentation was giving a property for ServerConnection using a secure string but it has never worked.

Another possibility is to use an encrypted connection with a certificate

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnectionstringbuilder.encrypt.aspx

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnectionstringbuilder.trustservercertificate.aspx

but I have never used this authentification way , so I cannot give any advice about it.

Don't hesitate to post again for more help or explanation. There is always somebody looking at this forum.

Have a nice day

Mark Post as helpful if it provides any help.Otherwise,leave it as it is.
- Edited by Papy NormandModerator Monday, March 18, 2013 8:43 AM with a certificate forgotten
- Marked As Answer by Iric WenModerator Tuesday, March 26, 2013 9:06 AM
- Reply
- Quote