The right way to achieve a reasonable security level is:
- create a new user that will run the Windows Service (you can create this user in Control Panel)
- create a new login for this user in SQL Server (using Integrated Security)
- give the necessary, but minimum, permissions to this user in SQL Server

To implement a service you must be aware of a few things:
- if you use WCF (or any other service stack), you need a thread for listening for requests and a different thread to run the processes in SQL Server. If not, the subsequent requests will probably time out. (You can launch new threads for each task, or implement a queue to avoid overloading the server.)
- be extremely careful with error (exception) handling. If an unhandled exception is thrown your service will stop, until someone starts it again.
- it's harder to implement the UDF solution, because you need to modify SQL Server security settings to allow a UDF to communicate with the "outer world"
- you should include some kind of logging in your service, so that you can test it and verify it's working correctly.

It's not too hard to make an executable that can be run as a console app as well as a service. If you do so you can run it from the Visual Studio debugger, or standalone, and log to the console (Console.Write...(...)) to see what's going on.
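
The login and minimum-permission steps from the first list could look like this in T-SQL. This is an added example, not code from the original answer; the machine name APPSRV01, the account svc_jobrunner, the database JobsDb and the procedure dbo.usp_RunJob are hypothetical placeholders for your own names.

```sql
-- Added example. All names are assumptions: machine APPSRV01, Windows account
-- svc_jobrunner (the user the Windows Service runs as), database JobsDb,
-- stored procedure dbo.usp_RunJob.

USE master;
GO
-- Windows-authenticated (Integrated Security) login: no SQL password exists
-- to store in the service's configuration.
CREATE LOGIN [APPSRV01\svc_jobrunner] FROM WINDOWS
    WITH DEFAULT_DATABASE = JobsDb;
GO

USE JobsDb;
GO
-- Map the login into the one database the service needs.
CREATE USER svc_jobrunner FOR LOGIN [APPSRV01\svc_jobrunner];
GO
-- Grant through a role so the permission set is reviewable in one place.
CREATE ROLE job_runner;
GO
-- Only EXECUTE on the single procedure; no table access, no db_owner.
GRANT EXECUTE ON OBJECT::dbo.usp_RunJob TO job_runner;
GO
-- ALTER ROLE ... ADD MEMBER requires SQL Server 2012 or later.
ALTER ROLE job_runner ADD MEMBER svc_jobrunner;
GO

-- Review: every explicit permission held by the user or its role.
SELECT pr.name AS principal, pe.state_desc, pe.permission_name, pe.class_desc,
       OBJECT_SCHEMA_NAME(pe.major_id) AS schema_name,
       OBJECT_NAME(pe.major_id)        AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'svc_jobrunner', N'job_runner');

-- Review: database roles the user belongs to.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'svc_jobrunner';

-- Review: confirm the login was not added to the sysadmin server role.
SELECT IS_SRVROLEMEMBER('sysadmin', N'APPSRV01\svc_jobrunner') AS is_sysadmin;
```

The service then connects with Integrated Security in its connection string, so the only credential involved is the Windows account the service runs under.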