SQL Server – Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' and Kerberos delegation

iis, kerberos, sql server, windows-server-2012

We are moving an old application to a new environment using Windows 2012 with IIS 8.5 and I've come across the following error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT: 10.107.23.103]

This seems to be very common. Everywhere I read on the web mentions the "double hop" error. However, from what I understand, using delegation will only use the credentials from the client to connect to the database and not the domain account running the application pool, which is the account that has access to the database.

I also read this article (https://www.mssqltips.com/sqlservertip/2312/understanding-when-sql-server-kerberos-delegation-is-needed/) and it mentions that Kerberos delegation is not needed for this scenario:

"The user connects to a web site or application on a different system and it uses a Windows domain account (other than the user's) or a SQL Server login to connect to the SQL Server."

This looks like what I am trying to achieve.

Is there anything that could be misconfigured on the IIS Server that is making the application fail when it is trying to connect to SQL Server?

Best Answer

I just came across the solution. The issue was related to having

<identity impersonate="true" /> 

in the web.config. Setting it to "false" solved the issue.
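As an added example (not part of the original answer), this Python check parses a web.config and reports every scope, including `<location>` overrides, where `<identity impersonate="true" />` is set without a fixed `userName`, which is the case where requests run as the calling user instead of the application pool account. The function names and the sample config are constructed for illustration, and the config is assumed to use no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: impersonation on at the site root, off for one sub-path.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
  <location path="api">
    <system.web>
      <identity impersonate="false" />
    </system.web>
  </location>
</configuration>"""


def children(elem, tag):
    """Direct children of elem with the given tag name."""
    return [c for c in elem if c.tag == tag]


def identity_settings(config_xml):
    """Return one dict per <identity> element found in an ASP.NET web.config."""
    root = ET.fromstring(config_xml)
    # The root <system.web> plus any <location path="..."> overrides.
    scopes = [("(site root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in children(root, "location")]
    results = []
    for path, scope in scopes:
        for system_web in children(scope, "system.web"):
            for ident in children(system_web, "identity"):
                flag = ident.get("impersonate", "false").strip().lower()
                results.append({
                    "path": path,
                    "impersonate": flag == "true",
                    # A userName attribute pins impersonation to one account.
                    "fixed_account": bool(ident.get("userName")),
                })
    return results


def runs_as_caller(config_xml):
    """Scopes where code runs as the caller, not the app pool identity."""
    return [s["path"] for s in identity_settings(config_xml)
            if s["impersonate"] and not s["fixed_account"]]


if __name__ == "__main__":
    print("runs as caller:", runs_as_caller(SAMPLE_CONFIG))
```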