Dev (1/11/2012)
I don’t prefer Windows Authentication based database servers for Web Application. It’s better if user login with Application (Web) Login Name and Application Server translate its credentials to SQL Server login for database operations.
Windows authentication is definitely more secure. It IS more difficult to setup, but more secure. Even for external applications I'd still prefer to have my application handle user authentication and then have the application connect to the SQL Server using Windows authentication via the app pool domain account so that there is no SQL login information exposed.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question