2

I need to switch a website's database connection from username and password in the connection string to NTLM - from what I have been told, this should just be a matter of updating the connection string.

I have spent some time trawling through here and the web in general; I have found a lot of very confusing pages that explain how NTLM works (I have never had to work with any kind of authentication before), but have not found a simple example of how to set up the connection string in my web.config to use NTLM.

Can anyone provide an example of how an NTLM-configured connection string should look (I have the service account names and passwords) - alternatively if I have been misinformed, can someone point me in the direction of a step-by-step guide as to how to integrate this connection into my website?

Improve this question
2
  • It's not called NTLM. It was never called NTLM when talking about the database. It was always Integrated or Windows Authentication. Commented Sep 19, 2017 at 9:38
  • You (the application, server, whatever) don't have to know anything about the protocol. When one application tries to use a resource, whether that's a file, network share or remote database the OS itself makes the call as that user. Commented Sep 19, 2017 at 9:42

1 Answer 1

Reset to default
4

You may be struggling to find decent information about this because it's not normally referred to as NTLM any more.

In SQL Server parlance, what you're looking for is "Integrated Security". You can specify this in your connection string as:

Server=SomeServer;Database=SomeDatabase;Integrated Security=SSPI;

And that should be sufficient - the connection security will be based on the windows user account under which the code is executing, rather than explicitly providing a username/password combination.

SSPI stands for Security Support Provider Interface and is used to indicate that a range of security protocols, such as NTLM and Kerberos can be negotiated.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I think even the SSPI keyword isn't used anymore, because SSPI itself was replaced. Later connection strings use Trusted_Connection=true.
@PanagiotisKanavos - SSPI is the preferred value to use since true and sspi are interchangeable for the SQL Server provider but some other providers only support(ed) sspi - see here

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.