What is the best practice for secure connection to SQL Server 2008 from .net 4.0?

What is the best practice and most secure solution when connecting from a .NET 4.0 application to SQL Server in 2008?

And how is this done in c# / vb?

I thought of connecting from the application to the SQL Server's database over an encrypted connection and then by using something called Application Roles.

开发者_如何学GoWould this be a good approach?

This is a very open question with no correct answer unless you can itemize the threats that concern you. Once you know which threats are of concern, the question can be answered correctly.

Do you care about:

1) tampering with the data as it goes from Client <-> Server?
2) server authentication?
3) client authentication?
4) disclosure of data as it goes from Client <-> Server?

If you are connecting over an untrusted network (like the internet) then I recommend using a VPN.