How integrated should SQL Server security be?

I just had an email exchange with the famous Kimberly Tripp (who is rumored to be blogging soon, look out!) about best practices for setting up security architecture for distributed Web applications and services. My eyebrows were raised at some demo code I saw that used a hard-coded account for ASP.NET to impersonate: ...

[Via Michele Leroux Bustamante - Regional Director for San Diego, California, USA]

If you wanna subscribe to Kimberly Tripp blog, the URL is http://www.sqlskills.com/blogs/kimberly/SyndicationService.asmx/GetRss