My users are trying to connect to SQL Server 2005 from an Intranet application. All users are on Active Directory, if that makes a difference. Within SQL 2005 three Application Roles have been created, General, Supervisors and Administrators.

Some users are assigned to all three groups, some to two groups and others to one single group. Only those users assigned to all three groups are able to view the web page, all others get the following error:

System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\USERID'

My web.config file connection string:

<add name="ConnectString" connectionString="Data Source=DataSource;Initial Catalog=Dance;User ID=AOwner;Integrated Security=SSPI;Trusted_Connection=True;Pooling=Fals e"
providerName="System.Data.SqlClient"/>

My code behind file:

Partial Class Login_Default
Inherits System.Web.UI.Page
'Establish connection to the database connection
Dim sqlcon As New SqlClient.SqlConnection(ConfigurationManager.Conne ctionStrings("DancerConnectionString").ToString)
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Session("ID") = txtEmpID.Text
Session("WINNT") = Replace(HttpContext.Current.User.Identity.Name.ToS tring, "DOMAIN\", "")
txtEmpID.Focus()
Dim cmd As New SqlClient.SqlCommand
cmd.Connection = sqlcon
cmd.CommandText = "sp_setapprole"
cmd.CommandType = CommandType.StoredProcedure
Dim rolename As SqlClient.SqlParameter = cmd.Parameters.Add("@rolename", SqlDbType.VarChar, 20)
rolename.Value = "GeneralUser"
Dim password As SqlClient.SqlParameter = cmd.Parameters.Add("@password", SqlDbType.VarChar, 20)
password.Value = "GeneralUserPassword"
sqlcon.Open()
cmd.ExecuteNonQuery()
Dim strUser As String
strUser = "DOMAIN\(AREA) SQL GENERAL Users"
If (Roles.IsUserInRole(strUser)) Then
txtEmpID.Focus()
Else
Response.Redirect("http://AREA/home.asp")
End If
sqlcon.Close()
cmd.Dispose()
End Sub

End Sub
Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
Dim cmdRtnValue As SqlCommand = New SqlCommand
cmdRtnValue.CommandType = CommandType.StoredProcedure
cmdRtnValue.CommandText = "usp_GetID"
cmdRtnValue.Parameters.AddWithValue("@ID", Session("ID"))
cmdRtnValue.Parameters.AddWithValue("@WINNT", Session("WINNT"))
cmdRtnValue.Connection = sqlcon
sqlcon.Open()
cmdRtnValue.ExecuteScalar()
lblEmpName.Text = cmdRtnValue.ExecuteScalar().ToString()
If (lblEmpName.Text) = "0" Then
If txtEmpID.Text = "" Then
lblEmpName.Text = "You must enter your Employee ID number."
Else
lblEmpName.Text = "Invalid Employee ID number entered: " & txtEmpID.Text & "; please try again"
End If
Else
Session("Tracking") = "1"
Response.Redirect("LoginType.aspx")
End If
cmdRtnValue.Dispose()
cmdRtnValue.Connection.Close()

End Sub

Thank you.