You can limit the BUILTIN\Users login credentials just to those objects you want users logging in with Windows Authentication have access to. You can even disable all access but then it wouldn't make sense using mixed mode authentication.

Enmanuel

>>You should use Windows authentication and configure access to SQL Server through Active Directory, at least that's the recommended way.
>
>So, basically, I shouldn't have to create a user in SQL Server and rely on Windows authentication only. So, basically, the reason it works right now is probably related to the Web site configuration where the user being used would have access to SQL Server. My main concern now would be to associate a server user to the database so only that user can access the database.