Can I used Integrated Security in my connection string?

I'm getting this error when I try to logon to my application...

"The user is not associated with a trusted SQL Server connection"

I currently am using Integrated Security and so I'm guessing that's the problem. My impression from the many things I've read from Microsoft about the connection string is to NOT store the SQL user ID and password in the Web.Config files, but rather to use Integrated Security if at all possible.

If I'm forced to SQL security (i.e. saving my Id and password) in the connection string, what are the best practices for limiting my security exposure. What I'm thinking about e.g. is using the Login manager. Please advice.

sidebar: what does <remove name> in the configuration section of the web.config file do?

Facts about my application...

Application type: ASP.Net 3.5 SP1 MVC Web Application
Membership Provider: I'm using the standard membership provider that comes with ASP.Net and have imported those database objects into my user database.
Database Type: Sql Server 2005
Web Server type: Windows 2008
IIS : Version 7; with ASP.Net ver = 2.0 or higher; Application Pool Pipeline Mode = Integrated


What I've accomplished so far...
- Deployed my ASP.Net 3.5 SP1 MVC Web Application to my DASP web server
- Uploaded my SQL Server database to my DASP server

Thanks

John Marsing

 

Thanks Bruce.

This is my first foray into creating an internet application, so now I know.

FYI: I have gone ahead and created a new logon id and created a script granting limited rights for that logon id. And with this I have gotten my web site going over the weekend.

 

Hey thats great.