Storing username and password to access SQL Server from a Windows service without Integrated Security

2.9k views Asked by At

We have a service that accesses SQL Server, the client is not using Integrated Security and we need the service to have rights to the database whenever the machine is turned on. Do we have to store the SQL Server username and password? If so where? (and how)

3

There are 3 answers

0
marc_s On BEST ANSWER

Yes, if you want to connect to SQL Server using a specific username and password, those credentials need to be provided in the connection string.

And yes, storing them in plain text is a bit of a risky business.....

... fortunately, .NET allows you to strongly encrypt entire sections of your config files!

Read about Encrypting Passwords in a .NET application, and contrary to popular belief, this is available in all of .NET - not just in ASP.NET. It works in services, too - not a problem at all.

So store your SQL Server connection string into the app.config for your service and then encrypt the <connectionStrings> section and be done with it!

0
JAiro On

You should add the user/service name as User in the server with the right privilegies and the same on the database, you can do this with the sql server managment studio. First Connect to the server and add the user/service on server users folder and the add the user to the user folder in the database.

take a look a this post, at the end of the page when it talks about "Granting Access to a Local SQL Server"

http://msdn.microsoft.com/en-us/library/ff647402.aspx

0
clyc On

You would need to create a SQL login for this service (http://msdn.microsoft.com/en-us/library/aa337562.aspx). The username / password for this SQL login will need to be stored somewhere (app config/ registry) that the service can access.

Any time you store credentials, encrypt it so that no one else can see this in clear text. You could also choose to encrypt the entire connection string. Your service should be able to decrypt and read the credentials/connection string and pass this information to the sql connection.