I'm considering changing a .NET application from using SQL Authentication to Windows Authentication. I have thought about using Application Role but decided not to use it since the application I'm changing is using multiple SQL databases and Application Role is limited to one database. I want to know what are the pros and cons using Windows Authentication. Also, I have the following specific questions: How does Windows Authentication work when the application is not in the same domain of the SQL Server? What are the common reasons for using Windows Authentication instead of SQL Authentication? Is it recommended that I provide users a GUI to manage the Windows Logins of the SQL Server used by the application instead of requiring users using Management Studio?