To use Windows Authentication in our ASP.NET application, we need to check the Active Directory. To test, I normally use my own account, but that means that anyone can see my password on our build server.

Which account do I best use for this purpose? A restricted account in Active Directory?

+1  A: 

If you are doing operations within the context of the user, then you can impersonate his account. This is for operations like changing information or resetting the user's password. But for global transactions like searching, forgot-password functions, joining groups, etc., what I suggest is to create a restricted account to do only the functions you need and let your application pool use that. This password will be secure as it will not be in your web.config.

Raymund
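
The directory search case from the answer above, as an added example (not the answerer's code): it binds to Active Directory with the application pool's identity instead of credentials kept in web.config or on the build server. The LDAP path and the class and method names are assumptions.

```csharp
// Added example. Assumes the application pool runs as a restricted domain
// account with read access to the directory; all names here are hypothetical.
using System;
using System.DirectoryServices;
using System.Text;

public static class DirectoryLookup
{
    // Hypothetical LDAP path; replace with your domain's naming context.
    private const string LdapRoot = "LDAP://DC=example,DC=local";

    // Escape LDAP filter metacharacters (RFC 4515) so that user-supplied
    // input cannot change the structure of the search filter.
    public static string EscapeLdapFilter(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the user's mail attribute, or null if there is no match.
    public static string FindMail(string samAccountName)
    {
        // No username or password is passed: the bind uses the current
        // security context, which is the application pool account when the
        // request is not impersonating the caller.
        using (var root = new DirectoryEntry(LdapRoot, null, null,
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeLdapFilter(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("mail");
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["mail"].Count == 0) return null;
            return (string)hit.Properties["mail"][0];
        }
    }
}
```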