I suspect that you didn’t encode the password properly in the web.config file. Remember that web.config is a XML file, so entities must be encoded.
Instead of
my&password
try
my&password
You can use sites such as FreeFormatter.com to escape/unescape XML strings.