How do you secure ASP.NET applications that pull data from SQL Servers? My developers are putting the username and password in the web.config. We can't use Windows Authentication because the Web servers are in a different domain than the SQL Servers and there is no trust established between the domains. Do have a better solution for this?
You can use synchronized accounts between the two servers, then use Windows Authentication as normal. The accounts do not have to be in the same domain but they do have to have the same username and password. Just create a local account on the Web server with the same password as the local account on the SQL Server with the same username.
Dig Deeper on SQL Server Security
Find how to create a SQL Server 2000 login account and then set user account rights to specific databases with "db_owner."
Learn why SQL Server 2000 connection is lost on the client side when database administrator changes 'SA' password on the SQL Server domain.
Learn how to create a SQL Server user authentication schema having password and tracked data changes requirements and how it involves Windows ...