I'm developing a client/server application in VFP9SP2 with a SQL Server 2005 database backend using ODBC. The UI,business, and data access layers are logically separated but physically all currently reside in a single EXE.

The customer requires windows authentication and wants to use a service account for database access in SQL Server.

I am currently storing encrypted copies of the User ID/Password for the service account and using api calls to LogonUser(), ImpersonateLoggedOnUser(), and RevertToSelf() wrapped around the call to SQLStringConnect().

What other options do I have for making the connection using the service account's credentials?

Also, are there any negative side effects/consequences of the method I am currently employing?

Thanks,
Scott