[ACCEPTED]-The error "Login failed for user 'NT AUTHORITY\IUSR'" in ASP.NET and SQL Server 2008-database-permissions

Accepted answer
Score: 10

The trick here is that NT AUTHORITY\NETWORK SERVICE actually appears to the database as DOMAINNAME\MACHINENAME$ (note the $ sign!). That is, when you cross the machine boundary from your web server to the SQL Server, SQL Server sees the machine account if you use the NETWORK SERVICE or LOCAL SYSTEM accounts. If you use any other non-domain account, SQL Server will not receive your credentials.

I'm a bit puzzled by your error message. Truth be told, I don't think that when the DB is on another box, you'll see anything other than Login Failed for NT AUTHORITY\ANONYMOUS LOGON.

IUSR is used for anonymous websites, and can't pass over the wire to SQL Server. You may find a way for it to work if you're doing everything on the same machine, but I'd never know because I'd never do it that way... ;-)
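The machine-account mapping described in the answer above, as an added T-SQL example that is not part of the original answer. The names CONTOSO (domain), WEB01 (web server) and AppDb (database) are constructed placeholders, and the granted permissions are an assumption about what a typical application needs:

```sql
-- Added example. CONTOSO, WEB01 and AppDb are constructed placeholder names.
-- Run on the SQL Server instance as a login allowed to create logins and users.

USE [master];
GO
-- NETWORK SERVICE / LOCAL SYSTEM on the web server arrive at a remote
-- SQL Server as the web server's machine account: DOMAIN\MACHINENAME$.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\WEB01$')
    CREATE LOGIN [CONTOSO\WEB01$] FROM WINDOWS;
GO

USE [AppDb];
GO
-- Map the server login to a user in the application database only.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\WEB01$')
    CREATE USER [CONTOSO\WEB01$] FOR LOGIN [CONTOSO\WEB01$];
GO

-- Grant only the data access the application needs (assumed here to be
-- read/write on the dbo schema); no db_owner, no server-level roles.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO [CONTOSO\WEB01$];
GO

-- Review what the account has actually been granted in this database.
SELECT pr.name, pe.class_desc, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'CONTOSO\WEB01$';

-- Diagnostic: execute this over the application's own connection to see
-- which identity SQL Server received (machine account, ANONYMOUS LOGON, ...).
SELECT ORIGINAL_LOGIN() AS original_login, SUSER_SNAME() AS current_login;
```

Every process running as NETWORK SERVICE or LOCAL SYSTEM on that web server authenticates as the same machine account, so these grants apply to all of them, not only to the one web application.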

Score: 5

In case it helps someone, in web.config I added <identity impersonate="false" /> for this error to go away (under <system.web>).

Score: 4

It's important to note that you'll get this error, as I just did, if you don't have IIS configured to allow impersonation, but you have your web.config attempting to do impersonation.

I just came across this exact error, and all of the following steps are required (but I was missing the first step):

1.) Ensure ASP.NET impersonation is enabled on your IIS web server.

2.) Combine that with configuring your site to use impersonation (web.config):

   <system.web>
     <identity impersonate="true" userName="your_service_acct" password="***" />
   </system.web>

3.) The above steps presume that you have a SQL Login set up on your MSSQL for 'your_service_acct' with permissions.

When running on localhost, against a localdb, or even a remote db that you personally have permissions on, the development IIS runs as if it were YOU - and everything just magically works. So, in debug mode, you don't need to create a special web.config.

As soon as you deploy your site onto some kind of server (in my case, our TEST environment) you'll likely need to have done the above steps I just detailed, because IIS will try to connect as the application pool user, which is not usually what you want administratively speaking. So, that's when you want to start using web.config transformations, so Visual Studio will insert the appropriate identity impersonate="true" during your 'Publish...' deployment step.

Score: 2

I would suggest creating a separate (preferably domain) account and specifying it in the connection string (usually in web.config). Then you can limit what this account can and cannot do on the web server. Then you can grant this account the required permissions in SQL Server.

Score: 0

I had the same problem and solved it by changing the application pool.

Score: 0

Instead of using Integrated Security=True; in the connection string, just use username and password authentication: user=sa; pwd=mypassword;
