I have never developed an application outside my company's system, where we just rely on Windows authentication from our domain, but I want to learn how to develop a secure application that I can connect to a remote database.
I know it is easier if I use ASP.NET because the data connections will be on the server side, but I want to have a WPF application as well for administrative tasks.
Here is what I can think of for securely connecting to a database:
First, always have an SSL connection to the database. Have a default user/pass that is clear text in the config file of the program, whose only access is to a login procedure on the database, where the user puts in their database credentials; the default user/pass will be connected to the db and pass the credentials that the user presented.
The procedure will then pass back a pair of credentials (user/pass) that the application will use for the remainder of the user's logged-in session. Is this a good way of approaching the issue? Also, should I consider using a web service of WCF as the interface instead of a direct connection?
Why that complex? Just let the user enter the database user name and password and then try to connect to the server using an SSL connection. The server already has a full-featured user management system, so there is no need to create a new one if you only need access for a few people.
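
Added example, not part of the original posts: one way the approach in the answer above could look from a WPF client, where the user's own database login is used directly over an encrypted connection and nothing is stored in the config file. It assumes the remote database is SQL Server (the thread does not name one); the class and method names are hypothetical.

```csharp
using System;
using System.Data.SqlClient;
using System.Security;

// Added example: assumes SQL Server; UserDbConnection/Open are hypothetical names.
public static class UserDbConnection
{
    // Opens a connection as the database login the user typed in.
    // No shared account or password lives in the application's config file.
    public static SqlConnection Open(string server, string database,
                                     string userName, SecureString password)
    {
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = server,
            InitialCatalog = database,
            Encrypt = true,                 // require an encrypted (SSL/TLS) channel
            TrustServerCertificate = false, // validate the server certificate, do not accept any
            IntegratedSecurity = false,     // SQL login, not Windows authentication
            PersistSecurityInfo = false,    // do not expose credentials after opening
            ConnectTimeout = 15
        };

        // SqlCredential needs a read-only SecureString and keeps the
        // password out of the connection string entirely.
        password.MakeReadOnly();
        var credential = new SqlCredential(userName, password);

        var connection = new SqlConnection(builder.ConnectionString, credential);
        try
        {
            // Throws if the login is rejected or the certificate is not trusted.
            connection.Open();
            return connection;
        }
        catch (SqlException)
        {
            connection.Dispose();
            throw; // caller shows a generic sign-in failure, without server details
        }
    }
}
```

In a WPF login dialog the password argument can come from `PasswordBox.SecurePassword`, so the password is not held in an ordinary string. What each user can do is then governed by the permissions granted to that login on the server.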