I need to switch a website's database connection from username and password in the connection string to NTLM - from what I have been told, this should just be a matter of updating the connection string.
I have spent some time trawling through here and the web in general; I have found a lot of very confusing pages that explain how NTLM works (I have never had to work with any kind of authentication before), but have not found a simple example of how to set up the connection string in my web.config to use NTLM.
Can anyone provide an example of how an NTLM-configured connection string should look (I have the service account names and passwords) - alternatively if I have been misinformed, can someone point me in the direction of a step-by-step guide as to how to integrate this connection into my website?
You may be struggling to find decent information about this because it's not normally referred to as NTLM any more.
In SQL Server parlance, what you're looking for is "Integrated Security". You can specify this in your connection string as:
Server=SomeServer;Database=SomeDatabase;Integrated Security=SSPI;
And that should be sufficient - the connection security will be based on the windows user account under which the code is executing, rather than explicitly providing a username/password combination.
SSPI stands for Security Support Provider Interface and is used to indicate that a range of security protocols, such as NTLM and Kerberos can be negotiated.