sql - Login failed. The login is from an untrusted domain and cannot be used with Windows authentication

Question

My webpages are on secured server (https), and I am trying to connect the SQL Server 2008 Database, which is normal server. I am writing connectionstring on page itself, not in web.config file. And I am getting following error:-

System.Data.SqlClient.SqlException: Login failed.
The login is from an untrusted domain and cannot be used with Windows authentication.

Please help, how can I connect it, does I have to make some webservices for it.

my code is as below:

public void FillCity()
{
    SqlConnection con = new SqlConnection();
    con.ConnectionString = "integrated security=SSPI;data source=dev-fcb; user id=sa;password=password;" 
    +"persist security info=False;database=mediapro";
    con.Open();
    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = new SqlCommand("select * from StateCityMaster where IsActive='1' order by CityName", con);
    DataSet ds = new DataSet();
    da.Fill(ds);
    string CityName = string.Empty;
    if (ds.Tables[0].Rows.Count > 0)
    {
        CityName = ds.Tables[0].Rows[0]["CityName"].ToString();
    }
    DataSet dset = new DataSet();
    da.Fill(dset);
    if (dset.Tables[0].Rows.Count > 0)
    {
        drpCity.DataSource = dset;
        drpCity.DataTextField = "CityName";
        drpCity.DataValueField = "CityName";
        drpCity.DataBind();
    }
    drpCity.Items.Insert(0, new ListItem("--Select--", "0"));
    con.Close();
}

Answer 1

Your connection string is telling it to use integrated security SSPI, which will use the Windows credentials.

Set Integrated Security to false if you are going to be providing the username and password.

Also, consider putting your connection string inside of the web.config file - it is more secure and reusable.

From http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=VS.100).aspx:

When false, User ID and Password are specified in the connection. When true, the current Windows account credentials are used for authentication. Recognized values are true, false, yes, no, and sspi (strongly recommended), which is equivalent to true. If User ID and Password are specified and Integrated Security is set to true, the User ID and Password will be ignored and Integrated Security will be used.