>I'm building an app which will target a SQL back end.
>
>The application will require a login. And of course SQL requires
>a login, so should the application use the same login as SQL?
>
>Thanks

The age old question. I think the answer is, it depends.

I think the best bet is to use NT Authentication (Trusted Connection) to connection to SQL Server.

If your app is using forms authentication your app will login with a trusted connection. You will need to give the aspnet wp account (Network Service in 2003) rights to exec your SP's. Assuming you are using SPs.

If your app is using NT Authentication then the windows user will be connectioned with the trusted connection, and that user will need the appropriate rights to run your app.

Many feel that it is safer to just give the app rights and not the user. This sort of adds an extra layer of security to your data. For example, if the user has no rights to the SQL Db then there is no way they can get to the data outside of the application.

BOb