Windows Authentication/Forms Authentication? How best to design the system?

Can you please suggest a suitable architecture design for the problem I am facing now:

Target:

Users connect to the website. Website prompts them for a user-name and password.

These users have their own account BUT NOT ON THE DOMAIN LEVEL. Sql server on another server will then authenticate these users but I don't want to create a domain level user group or users. Users will then view their website data and edit it in the data开发者_如何学Gobase, if desired.

Situation:

1. Using IIS to host website on server A
2. Using SQL Server to deploy the databases. Databases are hosted on server B.

I am planning to create local users on server A. Then I will use Windows Authentication on the IIS to authenticate the users. These users do not belong to server B.

My assumption:

I will create a windows user on the domain level. This user will belong on server A and server B. I will then use this user's credentials as the application pool identity and will add this user as a user in the DB.

Will that strategy work? Do you recommend a better strategy?

---

Windows Authentication is more suitalble for Intranet Web Applications. If your's is a classic public website, it's a better design to implement a Form Authentication with a registration form, instead of create a window user by hand for each new user that request access... To query the database you don't need to create a new user: it's simpler to grant prvileges to the default asp.net user (something like IUSR with the machine name attacched somewhere, depends on the version of IIS), just be sure both servers belong tho the same domain.