Best Way to Handle Authentication?


Ellias
January 19th, 2010, 11:10 AM
Hello All-

I've created a program that uses the SQLXMLBULKLOAD Library to upload some aggregated information from the client to a database. From many of the examples I have observed using this upload option, one either does one of two things...

1) Hardcodes the password into the program itself.

2) Sets the security setting to trusted domain authentication.

1 is not a viable solution. 2 is not desired either because I don't want to give the client user the ability to modify the DB. Ideally I just want the program itself to be able to.

This program would be deployed via Active Directory, and I would like the admin to have the ability to set the password the client will use.

Some ideas I have had are using something like "MSIEXEC.EXE /I MY-CLIENT.MSI PASSWORD=SOMETHING" -- but this is not secure since the password would be stored in the MSI and installed to the registry in clear text...

Is there some way to accomplish a similar capability in Active Directory?

I basically need a secure way for the program running on the client to authenticate to the DB. But it needs to be scalable, for an admin deploying this to configure the client's authentication.

Anyone have any thoughts on how to accomplish this? I would really appreciate any guidance.

mariocatch
January 20th, 2010, 11:00 AM
Here's one suggestion...

Store a list of usernames/passwords (either/or) in a database. When a user goes to connect, compare their username/password combination to one in the database. As for connecting to the database, you "could" use a webservice for the authentication. The webservice would obviously be given access to the database, and the client would not.

Or, you could "impersonate" a logged in user to allow authentication to occur, then switch back to the domain user when the login is complete. This will temporarily allow the application's runtime to connect to the DB.

Personally, web services are the way to go. Plus, with the users/passwords stored in the DB, you could create an app/give access to any admin, to the DB and they can administer it.
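
The web-service approach suggested above, as an added sketch that is not code from either poster: the service alone holds the database connection, stores each client's credential only as a salted PBKDF2 hash, and exposes a single append-only upload operation. Assumptions: in-memory SQLite stands in for the real database, the class and table names are hypothetical, and the client name, password and payload are constructed sample values.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class UploadService:
    """Server-side broker: it alone holds the database connection."""

    def __init__(self) -> None:
        # In-memory SQLite stands in for the real database server (assumption).
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE clients (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
        self._db.execute("CREATE TABLE uploads (client TEXT, payload TEXT)")

    def provision(self, name: str, password: str) -> None:
        """Admin action: register a client; only salt and hash are stored."""
        salt = os.urandom(16)
        self._db.execute("INSERT OR REPLACE INTO clients VALUES (?, ?, ?)",
                         (name, salt, _derive(password, salt)))

    def _authenticate(self, name: str, password: str) -> bool:
        row = self._db.execute("SELECT salt, hash FROM clients WHERE name = ?",
                               (name,)).fetchone()
        # Unknown names still pay for one derivation, so response time
        # does not reveal which client names exist.
        salt, stored = row if row else (b"\x00" * 16, b"")
        candidate = _derive(password, salt)
        return row is not None and hmac.compare_digest(candidate, stored)

    def upload(self, name: str, password: str, payload: str) -> bool:
        """The only operation exposed to clients: append one record."""
        if not self._authenticate(name, password):
            return False
        # Parameterized insert; the client never sees a DB credential.
        self._db.execute("INSERT INTO uploads VALUES (?, ?)", (name, payload))
        return True

    def count(self) -> int:
        return self._db.execute("SELECT COUNT(*) FROM uploads").fetchone()[0]

def demo() -> tuple:
    svc = UploadService()
    svc.provision("client-01", "constructed-sample-secret")  # constructed values
    ok = svc.upload("client-01", "constructed-sample-secret", "<row total='42'/>")
    bad = svc.upload("client-01", "wrong", "<row/>")
    unknown = svc.upload("nobody", "x", "<row/>")
    return ok, bad, unknown, svc.count()

if __name__ == "__main__":
    print(demo())
```

A client credential leaked from one machine can then only append records through `upload`, and an admin can rotate it with `provision` without touching the database login.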