ASP.NET: Windows Authentication on SQL Server
Many of you know that Microsoft suggests using the security provided by inherent windows auth when logging into SQL Server from an ASP.NET application. With Windows 2000 this usually means adding the ASPNET user to SQL Server or the NETWORK SERVICE user for Windows 2003. This is all fine except when you are faced with authenticating against a SQL instance that is not local. It is at this point that most developers usually give up and use SQL authentication. Those who Google the problem however will be presented with a solution that advises a change to the machine.config processModel element. Here you will specify a username and password other than the default MACHINE/AutoGenerate pair.
Might I suggest looking at the
ex:
<identity impersonate="true" userName="DOMAIN\User" password="xxxxxx"/>
Looking at the doc on MSDN you will also find that it is possible to encrypt the user name and password, store them in the registry and reference the registry entries.
ex:
<identity>
userName="registry:HKLM\Software\AspNetIdentity,Name"
password="registry:HKLM\Software\AspNetIdentity,Pwd"
identity>