Sql-server – Using multiple Active Directory accounts to connect to SQL Server

Tags: security, sql-server, web-server

I have web applications (Classic ASP and .NET) that connect to SQL Server using SQL authentication. Each one has its own login. I want to convert these to Windows Authentication. The new AD users (1 per application) have already been established for each application.

What is the most secure way to use these AD users? Should I configure each application's application pool in IIS to run under the new AD user account, and then just use the "integrated security" option in the connection string from each application?

Best Answer

Yes, the most secure means for authentication is Windows Authentication. Read more about this topic and the differences here.

As for different applications having different logins, that is going to be the most secure method. The reason behind this is that each application will most likely require a different set of permissions (I'm assuming a bit here), and instead of having one server principal with a handful of permissions to suit numerous applications, it will be more secure to have each application have a login with permissions tailored to its own needs. It's all about the Principle of Least Privilege.
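The following T-SQL is an added example, not part of the question or the answer above. It shows the SQL Server side of the setup the question describes and the per-application least-privilege logins the answer recommends: one Windows login per application's AD account, one database user per login, and a database role that grants only what that application needs. The domain name CONTOSO, the service account names svc_OrdersWeb and svc_ReportsWeb, the databases OrdersDb and ReportsDb, and the old SQL login name orders_app are all placeholders invented for this example.

```sql
-- Added example (not from the original post). CONTOSO, svc_OrdersWeb,
-- svc_ReportsWeb, OrdersDb, ReportsDb and orders_app are placeholder names.
-- Run as a member of sysadmin (or securityadmin plus db_owner in each database).

-- 1. One server-level login per application, backed by its AD account.
--    Windows authentication means no password lives in SQL Server or in a
--    connection string; the IIS application pool identity supplies the token.
USE master;
GO
CREATE LOGIN [CONTOSO\svc_OrdersWeb]  FROM WINDOWS WITH DEFAULT_DATABASE = OrdersDb;
CREATE LOGIN [CONTOSO\svc_ReportsWeb] FROM WINDOWS WITH DEFAULT_DATABASE = ReportsDb;
GO

-- 2. Orders application: it only calls stored procedures, so it gets EXECUTE
--    on the dbo schema via a role and nothing else (no db_owner, no db_datawriter).
USE OrdersDb;
GO
CREATE USER [CONTOSO\svc_OrdersWeb] FOR LOGIN [CONTOSO\svc_OrdersWeb];
CREATE ROLE app_orders_exec;
GRANT EXECUTE ON SCHEMA::dbo TO app_orders_exec;
ALTER ROLE app_orders_exec ADD MEMBER [CONTOSO\svc_OrdersWeb];
GO

-- 3. Reports application: read-only, so SELECT on its schema and nothing else.
USE ReportsDb;
GO
CREATE USER [CONTOSO\svc_ReportsWeb] FOR LOGIN [CONTOSO\svc_ReportsWeb];
CREATE ROLE app_reports_read;
GRANT SELECT ON SCHEMA::dbo TO app_reports_read;
ALTER ROLE app_reports_read ADD MEMBER [CONTOSO\svc_ReportsWeb];
GO

-- 4. Verify the result rather than trusting the script: impersonate the
--    reporting account and list its effective permissions on the schema.
--    Expected: SELECT only (no INSERT/UPDATE/DELETE/EXECUTE rows).
EXECUTE AS LOGIN = 'CONTOSO\svc_ReportsWeb';
SELECT permission_name
FROM   fn_my_permissions('dbo', 'SCHEMA');
REVERT;
GO

-- 5. Confirm no application account ended up in a server role it does not need.
--    Expected: is_sysadmin = 0 for every row.
SELECT name,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
FROM   sys.server_principals
WHERE  name LIKE 'CONTOSO\svc_%';
GO

-- 6. Once each application is switched over and has been observed connecting
--    with its Windows login, retire the old SQL-authentication login rather than
--    leaving a second, password-based path to the same data.
USE master;
GO
ALTER LOGIN [orders_app] DISABLE;
GO
```

On the web-server side, each IIS application pool's identity is set to that application's domain account, and the application's connection string drops the user id and password in favour of `Integrated Security=SSPI` (for example `Server=sqlhost;Database=OrdersDb;Integrated Security=SSPI;`, where sqlhost is a placeholder). Because the pool identity itself makes the connection, the login that arrives at SQL Server is exactly the one created in step 1, so any permission the application has can be read off `fn_my_permissions` as in step 4.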