I’m writing a .NET 4.0 application that requires access to a SQL Server (v10.50.1600) database on the intranet. The database does not support integrated security/SSPI logins, only user/password logins. The best I’ve managed so far is:

SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder()
{
   DataSource = Settings.SQLHostName,
   Encrypt = true,
   TrustServerCertificate = true,
   UserID = Settings.SQLUser,
   Password = "xxx",
   InitialCatalog = "xxx"
};

However, this requires that I store and manipulate a plain-text password locally, something that I want to avoid.

Is there a way to give ADO, LINQ, or the Entity Framework, etc. a password hash instead of a password to connect to a SQL Server?

Whereas encrypted storage for connection strings is better than nothing, it eventually needs to be decrypted before use. Since the rationale behind not having a bindable content property on WPF password boxes is apparently that keeping plaintext passwords in memory is a bad idea, any sort of connection string decryption before use sounds ill-advised.

The ideal alternative would be understanding how SQL server stores and transmits its password digests; applying the same digest algorithm locally; and then sending the digest instead of the plaintext password. Unfortunately, it seems that the TDS7 password encoding described in part here:

http://dbaspot.com/ms-sqlserver/210567-tds7-8-login-packets.html

seems to not use any digest algorithm at all. So I’m probably stuck with podiluska’s answer below.