Forms authentication for users and Windows for Database?

Posted by scyonx on Stack Overflow See other posts from Stack Overflow or by scyonx
Published on 2010-06-14T13:18:02Z Indexed on 2010/06/14 13:22 UTC
Read the original article Hit count: 341

On our production servers, the admins created a WebUser active directory account which is users for anonymous access to IIS and is also used to authenticate database access with our SQL Server instances using Integrated Security=SSPI in the connection string and identity impersonate="true" in the web.config.

I've often come across situations where I would like to or even need to use forms authentication. However, I using forms authentication, Integrated Security seems to use the logged in user's credentials to authenticate against the database. In these cases I have changed the connection string to use the credentials of a SQL Server users instead. I would prefer to not have a hard coded username and password in the connection string or rather worse in code.

Is it possible to use forms authentication just for user authentication for users and windows authentication with the IIS user for database access? What would be the best practice in such a situation?

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about forms-authentication