Sql-server – where can I find the user in this IIS error ‘Login failed for user ‘IIS APPOOL\Web2’

iisiis-7permissionssql server

I encounter the following error:

Cannot open database "testbase" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\Web2'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Cannot open database "testbase" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\Web2'.

So, where can I give this user Web2 permission? (By the way, the server do not have such user Web2 but there is a folder called Web2 located at the wwwroot folder.)

I search for answers but all failed as follows:

[1] Add the user IUSR to the folder and give it read permission.

[2] http://www.codekicks.com/2008/11/cannot-open-database-northwind.html

[3] http://blog.sqlauthority.com/2009/08/20/sql-server-fix-error-cannot-open-database-requested-by-the-login-the-login-failed-login-failed-for-user-nt-authoritynetwork-service/

Best Answer

You need to add a user to your SQL Server with the username "IIS APPPOOL\Web2" and give that user access to the database. Note that you will not see this username in search but you might see it change to underlined if you click "check names".

The user does not really exist on the machine except for managing the app pool's permissions.

Alternatively, you could set the application pool to run as a different user.

For more information, see http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx and http://learn.iis.net/page.aspx/624/application-pool-identities/

Here is an example of the SQL Server Logins list:

SQL Server Users

Here is an example of a database's Logins list:

Database Users

Here are the database user's details: (Note that both boxes have the same name in them. The second box must match a login name from the SQL Server Logins list.)

Database User Details

You can also try using code instead of the GUI:

USE [master]
GO
CREATE LOGIN [IIS APPPOOL\Web2] FROM WINDOWS WITH DEFAULT_DATABASE=[testbase]
GO

USE [testbase]
GO
CREATE USER [IIS APPPOOL\Web2] FOR LOGIN [IIS APPPOOL\Web2]
GO
EXEC sp_addrolemember N'db_owner', N'IIS APPPOOL\Web2'
GO

I assigned owner permissions but your application may be able to get away with lower permissions. It is usually considered good practice to give the lowest permissions you can get away with.

Related Topic