I have an ASP.NET application that uses the membership functionality. I connect to a SQL Server database that contains the aspnet_membership schema. I currently am using “sa” and the sa password in my application’s connection string which, I know, is a horrible thing to do. My question is, what is the best alternative for the connection string? Should I create a user in the SQL db named “MyAppUser” (or something) and assign the aspnet_membership_fullcontrol schema to that user? That way, the app can connect and get the full control privileges, then limit the access for the individual users according to the logic I have written into the application.
Is that a good way to do it? (the access is limited to the particular database being used by the app, and not any of the others).
If not, what is a better way to get away from using user “sa” in my connection string while utilizing ASPNet membership?
Thanks for any advice you can give.
If this is an internal application, you can use Windows authentication (integrated security = true); otherwise, create a SQL login for your app, map the db to the user and apply adequate permissions (probably read/write).
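
The SQL-login route described in the answer, written out as T-SQL. This is an added example, not part of the original posts. It assumes a database named `MyAppDb` (hypothetical), the login name `MyAppUser` from the question, and that the membership objects were installed with `aspnet_regsql`, which creates the database role `aspnet_Membership_FullAccess`.

```sql
-- Added example. Assumed names: MyAppDb (hypothetical database),
-- MyAppUser (login name taken from the question).

USE [master];
GO
-- Server-level login for the application. The password is a placeholder:
-- generate a long random secret and keep it out of source control.
CREATE LOGIN [MyAppUser]
    WITH PASSWORD = N'<generated-secret-placeholder>',
         DEFAULT_DATABASE = [MyAppDb],
         CHECK_POLICY = ON;
GO

USE [MyAppDb];
GO
-- Map the login to a user in this one database only. Without a user in
-- the other databases, the login gets no access to them beyond guest/public.
CREATE USER [MyAppUser] FOR LOGIN [MyAppUser] WITH DEFAULT_SCHEMA = [dbo];
GO

-- Grant only what the membership provider needs, through the role that
-- aspnet_regsql created, instead of db_owner or sysadmin.
-- (SQL Server 2012 and later; on older versions use
--  EXEC sp_addrolemember N'aspnet_Membership_FullAccess', N'MyAppUser';)
ALTER ROLE [aspnet_Membership_FullAccess] ADD MEMBER [MyAppUser];
GO

-- Check 1: list the database roles the user actually holds.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'MyAppUser';

-- Check 2: confirm the login is not a server administrator (expect 0).
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'MyAppUser') AS is_sysadmin;
GO
```

If the application also uses the roles or profile features, add the user to the corresponding `aspnet_Roles_*` or `aspnet_Profile_*` role in the same way, then replace the `sa` credentials in the connection string with this login.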