Well, yes...and no.
It is possible - you have to access the SQL server instance as an admin and permit Remote Connections:
http://support.webecs.com/kb/a868/how-do-i-configure-sql-server-express-to-allow-remote-tcp-ip-connections-on-port-1433.aspx[
^] and probably also configure it's local firewall(s) to open the right ports.
But...it's dangerous.
You will be opening every database on the instance to anyone who has (or can work out) a username / password combination. So you need to start by ensuring that all such SQL logins are secure - and "sa/admin" has got to go for starters!
Personally, I wouldn't do it: I'd write a WCF app to sit on a "local" site to the DB server and make all requests via that. It's a lot more complex, but it's also a lot, lot safer.