I have an asp.net web app which works fine in Windows XP machine in a domain. I am porting it to a Windows 7 stand alone machine. The app uses a web service which makes a call to sql server. The web server (IIS 7.5) and SQL Server are on the same stand alone machine.
I enabled Windows authentication for the website and web service. The web service uses a trusted connection connection string. The web service credentials uses System.Net.CredentialCache.DefaultCredentials. I noticed username, password and domainname are blank after the call! The webservice and web site use the 'Classic .NET AppPool' with NetworkServices identity.
I am getting an exception "NT AUTHORITY\ANONYMOUS LOGON" in the database call in the web service. I am assuming it's related to the blank credentials.
I am expecting ASPNET user to be the security token to the database. Why is this not happening? Did I miss a setting? (Usually this happens when sql server and web server are on two different machines in a domain, delegation & double hopping, but in my case everything is on a dev box)
Best Answer
The "ASPNET" user was last seen on Windows XP, it doesn't exist on Vista or Windows 7 because IIS hosts ASP.NET directly and just uses Network Service as the pool identity.
Check your impersonation settings too. For simplicity, ensure that the "Anonymous Authentication" setting in IIS is bound to the Application Pool identity, and that the Site Basic Settings are also set to "Connect as..." the pool identity.
Finally, add a SQL Server Login entry for Network Service (or whatever identity the pool is running under).