ASP.NET (IIS 6.0) Windows authentication/SQL Server problem

From: Nick Gilbert (news_at_nickgilbert.com)
Date: 10/03/03


Date: Fri, 3 Oct 2003 17:37:19 +0100

Hi,

On Windows 2000, I use the following connection string in my ASP.NET
applications:

<add key="ConnectionString" value="server=(local);Integrated
Security=SSPI;database=knowledge" />

I then created a login in SQL Server for the ASPNET/<machine name> user and
assigned it to a WWWUsers role. This meant that SQL Server automatically
made requests from the website under the WWWUsers role. In IIS, I then
removed anonymous access from the /admin/ folder on the website, which then
caused IE to prompt for a username and password. If I logged in as
'webadmin' and a webadmin login had been created on SQL Server for that
database in the WWWAdmins role, then it would automatically run website
queries by administrators under the WWWAdmins role.

*HOWEVER*, under Windows 2003 Server (IIS6), this seems to be broken. It
either doesn't prompt for a username and password, or if it does, it seems
to ignore it completely and SQL Server still puts me in the WWWUsers role. I
have put the NETWORK AUTHORITY/NETWORK SERVICE user in the WWWUsers role,
and the webadmin user (a valid Windows account) is still in the WWWAdmins
role.

Why is IIS 6 not behaving the same way as IIS 5.5 on Windows 2000? Have I
made a mistake somewhere or is there a way to make it work in the same way
as Windows 2000?

Thanks,

Nick Gilbert