asp.net database password management

[Ryan]

Is there an accepted strategy/design for database password management?

Multiple asp.net web applications all talking to the same database.
Each web app is on a separate machine and connectivity between
machines is not guaranteed. ***SQL Server authentication is
required.*** We currently store the username and password in each
web.config file. New regulations require our clients to update their
database passwords periodically. Rather than forcing the user to
update each web.config file, we would like to provide a central
database username/password management interface. Preferable, the
management UI would be part of a web application also talking to the
same database. Any ideas?

Thanks.
Ryan

 

[Ryan]

Let me ask a more straight-forward question. In a web farm
environment, there are many machines running the same web app all
pointing to the same database. The database connection string is
stored in each web app's web.config file. When the db user password
changes, what is the strategy for updating the web.config files?
Update each web.config by hand? Is there some other accepted practice
for update or storage or the db connection info in this type of
environment?

Thanks again.

Ryan