I have an ASP.NET application that uses membership functionality. I am connecting to a SQL Server database containing an aspnet_membership schema. I am currently using "sa" and the sa password in my application connection string, which I know is a terrible task. My question is, what is the best alternative for a connection string? Should I create a user in sql db name "MyAppUser" (or something else) and assign an aspnet_membership_fullcontrol scheme for this user? Thus, the application can connect and gain full control rights, and then restrict access for individual users in accordance with the logic that I wrote in the application.
Is this a good way to do this? (access is limited to the specific database used by the application, and not to any other).
If not, what is the best way to avoid using the user "sa" in my connection string when using ASPNet membership?
Thanks for any advice you can give.
source
share