Jack,

Thank you so muck for your help. I totally agree that the Windows Authentication is the most secure way of handling the application pools.

Now since I'm more on SQL Developer/DBA side rather than .NET Developer you should forgive me if this question sounds stupid:

in your 2nd case scenario, how would the WEB Users (not Developers) connect to the SQL Server if it is set only with Windows Authentication?

Also I would greatly appreciate if someone will tell me how applicable in this case scenario is an Application Role?

Or is it not a related topic at all?

Any help with this issue would be greatly appreciated.

Thank you.

Alex