Source: http://www.cnblogs.com/lanse777/archive/2007/03/28/691757.html
SQL Server .NET Data Provider connection string contains a set of attributes consisting of a name / value. Each attribute / value pairs are separated by semicolons. PropertyName1 = Value1; PropertyName2 = Value2; PropertyName3 = Value3; ..... Also, the connection string must contain SQL Server instance name: Data Source = ServerName;
Use the local SQL Server (localhost), if you want to use a remote server running, should be assigned to the correct server Data Source property in the example object. You must also specify two authentication methods supported (ie Windows Authentication and SQL Server Authentication) is one of them. Windows Authentication Use Windows Logon user who connect to the database, and SQL authentication required to explicitly specify the SQL Server user ID and password. To use Windows authentication, you must include the Integrated Security property in the connection string:
Data Source=ServerName;Integrated Security=True;
By default, Integrated Security attribute is False, which means that disables Windows authentication. If you do not explicitly set the value of this property is True, the connection will use SQL Server Authentication, therefore, must provide a SQL Server user ID and password. Other Integrated Security attribute value can identify only SSPI (Security Support Provider Interface, Security Support Provider Interface). On all Windows NT operating systems, including Windows NT 4.0,2000, XP, support the value of SSPI. It is the only interface can be used when using Windows Authentication, the equivalent of the Integrated Security property value is set to True.
In Windows Authentication mode, SQL Server uses Windows security subsystem validation of user connections. Even explicitly specify the user ID and password, SQL Server does not check the user ID and password in the connection string. Because only Windows NT, 2000, XP support SSPI, so if you are using these operating systems, you can only use Windows integrated security policy to connect to SQL Server. Regardless of which operating system to use, when to use SQL Server authentication, you must specify a user ID and password in the connection string:
Data Source=ServerName;User ID=donaldx;Password=unbreakable
By default, SQL Server .NET Data Provider connection to specify the default database user, when the user is created in the database, you can set the default database user. In addition, users can also change the default database at any time. For example, the default database system administrator is to master. If you want to connect to a different database, you should specify the name of the database:
Data Source=ServerName;Integrated Security=SSPI;Initial Catalog=Northwind
Each authentication has its advantages and disadvantages. Windows user authentication using a single source repository, there is no need for the user to configure database access, respectively. The connection string does not contain the user ID and password, thus eliminating the risk of exposing the user ID and password to the user is not authorized. Manage users and their roles in Active Directory without having to explicitly configure their properties in SQL Server. Windows authentication disadvantage is that it requires the customer to connect to SQL Server through a secure subsystem supports Windows-secure channel. If the application needs to connect to SQL Server kinds of sequence over an insecure network (eg Internet), Windows authentication will not work. In addition, this authentication method also partly the responsibility for managing database access control is transferred from the body to the system administrator DBA body, this may be a problem in certain environments.
In general, the design of general application in order to use Windows authentication, it will strengthen some aspects. Most of the company's databases reside on relatively robust Windows Server operating systems, those operating systems support Windows Authentication. Separating the data access layer and data layer is represented also facilitates data access code assembly packaging applications thought in the intermediate layer, the intermediate layer components are typically operate within a network having a database server. When this design, the need to establish a database connection is via an insecure channel. In addition, Web services also need to be directly connected to a different database domains greatly reduced.