I'm writing a .NET 4.0 application that requires access to a SQL Server (v10.50.1600) database on the intranet. The database does not support integrated security/SSPI logins, only user/password logins. The best I've managed so far is:
SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder()
{
DataSource = Settings.SQLHostName,
Encrypt = true,
TrustServerCertificate = true,
UserID = Settings.SQLUser,
Password = "xxx",
InitialCatalog = "xxx"
};
However, this requires that I store and manipulate a plain-text password locally, something that I want to avoid.
Is there a way to give ADO, LINQ, or the Entity Framework, etc. a password hash instead of a password to connect to a SQL Server?
Whereas encrypted storage for connection strings is better than nothing, it eventually needs to be decrypted before use. Since the rationale behind not having a bindable content property on WPF password boxes is apparently that keeping plaintext passwords in memory is a bad idea, any sort of connection string decryption before use sounds ill-advised.
The ideal alternative would be understanding how SQL server stores and transmits its password digests; applying the same digest algorithm locally; and then sending the digest instead of the plaintext password. Unfortunately, it seems that the TDS7 password encoding described in part here:
http://dbaspot.com/ms-sqlserver/210567-tds7-8-login-packets.html
seems to not use any digest algorithm at all. So I'm probably stuck with podiluska's answer below.
