Well, yes...and no.
It is possible - you have to access the SQL server instance as an admin and permit Remote Connections (http://support.webecs.com/kb/a868/how-do-i-configure-sql-server-express-to-allow-remote-tcp-ip-connections-on-port-1433.aspx) and probably also configure its local firewall(s) to open the right ports.
You will be opening every database on the instance to anyone who has (or can work out) a username / password combination. So you need to start by ensuring that all such SQL logins are secure - and "sa/admin" has got to go for starters!
Personally, I wouldn't do it: I'd write a WCF app to sit on a "local" site to the DB server and make all requests via that. It's a lot more complex, but it's also a lot, lot safer.
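
One way to check the SQL logins mentioned above before exposing the instance, as an added example that is not part of the original answer: a read-only T-SQL query, run as a sysadmin, that lists enabled SQL logins which are the built-in sa account, skip password policy, or have a blank, name-matching or "admin" password. The column aliases are chosen here for illustration.

```sql
-- Added example: read-only audit of SQL-authenticated logins on this instance.
-- Run as a sysadmin; password_hash is only visible with CONTROL SERVER.
SELECT
    l.name,
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END       AS is_builtin_sa,
    IS_SRVROLEMEMBER('sysadmin', l.name)           AS is_sysadmin,
    l.is_policy_checked,      -- 0 = Windows password policy not enforced
    l.is_expiration_checked,  -- 0 = password never expires
    CASE WHEN PWDCOMPARE('', l.password_hash) = 1
         THEN 1 ELSE 0 END                         AS blank_password,
    CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
         THEN 1 ELSE 0 END                         AS password_equals_name,
    CASE WHEN PWDCOMPARE('admin', l.password_hash) = 1
         THEN 1 ELSE 0 END                         AS password_is_admin,
    LOGINPROPERTY(l.name, 'PasswordLastSetTime')   AS password_last_set
FROM sys.sql_logins AS l
WHERE l.is_disabled = 0
  AND (   l.sid = 0x01                              -- built-in sa, even if renamed
       OR l.is_policy_checked = 0
       OR PWDCOMPARE('', l.password_hash) = 1
       OR PWDCOMPARE(l.name, l.password_hash) = 1
       OR PWDCOMPARE('admin', l.password_hash) = 1)
ORDER BY is_builtin_sa DESC, l.name;
```

Any row returned is a login to fix or disable before the port is opened; an empty result only means none of these specific weaknesses were found.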