Thank you. I like the idea of using the ASPNET and a TrustedConnection.

>Yeah, definitely put it into the Web.config or some other externally changable store so you can change it without recompiling.
>
>THere are a number of issues you need to deal with when storing the string in web.config though. This is potentially an unsafe solution because the string there is stored in plain text. There are ways around that I suppose, but if you don't trust the location where your server sits (an ISP for example) then this might be a bad idea.
>
>Another approach to avoid hard coding username and password is to use a trusted connection and make the account that the app runs under (ASPNET by default) have access to the server. This has plus and minus'es as well, but I find that if you do this smartly (especially with IIS6 where you can assign each Web application to a separate application pool with its own user context) this is the best way to have a connection string that outside of the application context is useless...
>
>
>
>
>>
>>

>>public BusinessObject()
>>{
>>   this.strConnectionString = ConfigurationSettings.AppSettings("constring");
>>}
>>