SQL Authentication is the typical authentication used for various database syste ms, composed of a username and a password.

Obviously, an instance of SQL Server can have multiple such user accounts (using SQL authentication) with different u sernames and passwords. In shared servers where different users should have acce ss to different databases, SQL authentication should be used. Also, when a clien t (remote computer) connects to an instance of SQL Server on other computer than the one on which the client is running, SQL Server authentication is needed. Ev en if you don't define any SQL Server user accounts, at the time of installation a root account - sa - is added with the password you provided. Just like any SQ L Server account, this can be used to log-in localy or remotely, however if an a pplication is the one that does the log in, and it should have access to only on e database, it's strongly recommended that you don't use the sa account, but cre ate a new one with limited access. Overall, SQL authentication is the main authe ntication method to be used while the one we review below - Windows Authenticati on - is more of a convenience. Windows Authentication When you are accessing SQL Server from the same computer it is installed on, you shouldn't be prompted to type in an username and password. And you are not, if you're using Windows Authentication. With Windows Authentication, the SQL Server service already knows that someone is logged in into the operating system with the correct credentials, and it uses these credentials to allow the user into it s databases. Of course, this works as long as the client resides on the same com puter as the SQL Server, or as long as the connecting client matches the Windows credentials of the server. Windows Authentication is often used as a more conve nient way to log-in into a SQL Server instance without typing a username and a p assword, however when more users are envolved, or remote connections are being e stablished with the SQL Server, SQL authentication should be used.

==========================================================================

Windows Authentication is used when your user is tied up with the Windows Domain and you can validate the requested user against your domain controller or Activ e Directory. You should choose Windows authentication if your user accounts are maintained by a domain controller or within Active Directory and there are no firewall issues . The main benefit of using Windows authentication is that it can be coupled with IIS authentication so that you don't have to write any custom code. Compared to other authentication mechanisms, Windows authentication does not pass the user c redentials over the wire. Windows authentication also provides a seamless user e xperience. Therefore Windows authentication should be used wherever possible. When you configure ASP.NET for Windows authentication, it can be coupled with II S authentication where IIS authenticates your application's users by using Basic authentication, Integrated Windows authentication, Digest authentication, or Cl

ient Certificate authentication. Both Integrated Windows authentication and Clie nt Certificate authentication provide strong authentication, but Integrated Wind ows authentication is recommended unless you have a PKI infrastructure and your clients have certificates. SQL Server Authentication is more storing the user information in the database a nd when user returns you pick there user name and password to validate against t he stored information in SQL Server database. This approach is taken in the inte rnet application where they can store some information during the signin and val idate when they return back. You have to Write a code to get the user information, Access the database and va lidate whether that user is registered user or not.