Hi,
I am using the ASP.Net forms authentication method for authenticating users and have installed the SQL package on my SQL server database. While developing my application the connection string has been using Integrated Security which allows me access as my user account has access. However when anonymous users try to login to the site they wont have access to the database to verify their login credentials.
What is the standard practice for configuring the connection to the database? If i deploy my site to IIS and run the app when logging in i get an error because the machine account it uses to run it doesn't have access. Do people create a new account to run the app and give it access the SQL server DB or do i create a SQL user on the server and hard code the credentials in the web.config file? the latter seems unsafe as the credentials would potentially accessible.