SqlCredential Class

.NET Framework (current version)

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

SqlCredential provides a more secure way to specify the password for a login attempt using SQL Server Authentication.

SqlCredential is comprised of a user id and a password that will be used for SQL Server Authentication. The password in a SqlCredential object is of type SecureString.

SqlCredential cannot be inherited.

Windows Authentication (Integrated Security = true) remains the most secure way to log in to a SQL Server database.

Namespace:   System.Data.SqlClient
Assembly:  System.Data (in System.Data.dll)


public sealed class SqlCredential

System_CAPS_pubmethodSqlCredential(String, SecureString)

Creates an object of type SqlCredential.


Returns the password component of the SqlCredential object.


Returns the user ID component of the SqlCredential object.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)


Returns a string that represents the current object.(Inherited from Object.)

Use Credential to get or set a connection's SqlCredential object. Use ChangePassword to change the password for a SqlCredential object. For information on how a SqlCredential object affects connection pool behavior, see SQL Server Connection Pooling (ADO.NET).

An InvalidOperationException exception will be raised if a non-null SqlCredential object is used in a connection with any of the following connection string keywords:

  • Integrated Security = true

  • Password

  • User ID

  • Context Connection = true

The following sample connects to a SQL Server database using Credential:

// change connection string in the APP.CONFIG file
  <add name="MyConnString"
       connectionString="Initial Catalog=myDB;Server=myServer"
       providerName="System.Data.SqlClient" />

// then use the following snippet:
using System.Configuration;

System.Windows.Controls.TextBox txtUserId = new System.Windows.Controls.TextBox();
System.Windows.Controls.PasswordBox txtPwd = new System.Windows.Controls.PasswordBox();

Configuration config = Configuration.WebConfigurationManager.OpenWebConfiguration(Null);
ConnectionStringSettings connString = config.ConnectionStrings.ConnectionString[“MyConnString”];

using (SqlConnection conn = new SqlConnection(connString.ConnectionString))
SecureString pwd = txtPwd.SecurePassword;
SqlCredential cred = new SqlCredential(txtUserId.Text, pwd);
conn.Credential = cred;

.NET Framework
Available since 4.5

Any public static ( Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top