I am in the process of developing a .net business application which processes sensitive data - the problem is that some of the users of the app are not on a domain which means I cannot use integrated security. We have too small an IT staff to create and maintain user logins on sql server, we are running sqlserver 2005 standard edition.
I cannot store the credentials in the code, maintainability and risk are the reasons. I need a secure and easy to maintain method of providing credentials to applications. Some ideas I have would be using a udl or a web service to pass the credentials.
Can you suggest the most secure method of providing credentials, the credentials would be specific to the applications, when using integrated security is not possible.
Thanks in advance.