View Single Post
  #4 (permalink)  
Old May 15th, 2009, 07:23 AM
samjudson's Avatar
samjudson samjudson is offline
Friend of Wrox
Points: 8,687, Level: 40
Points: 8,687, Level: 40 Points: 8,687, Level: 40 Points: 8,687, Level: 40
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
Join Date: Aug 2007
Location: Newcastle, , United Kingdom.
Posts: 2,128
Thanks: 1
Thanked 189 Times in 188 Posts

When creating the database connection the SQL client uses the details provided in the SQL connection string. If the connection string says to use integrated security (or trusted_Connection=Yes) then it will use the identity of the process it is currently running as.

In IIS this defaults to the NETWORK_SERVICE user, but can be overridden to 'impersonate' a different user.

You can change the user that the process runs as in a number of ways. Firstly you can edit the 'Identity' of the application pool that the web site is running as to any valid windows user.

Secondly you can set <identity impersonate="true"> in the web.config which will set it to use the user 'logged on' via the web site. This in turn will default to the anonymous user account (IUSER_<machinename>) unless you have anonymous access turned off.

Thirdly you can supply the username and password attributes with the <identity> element to get the web site to impersonate that particular user.

An alternative to all of this is to supply a username/password in the connection string
/- Sam Judson : Wrox Technical Editor -/

Think before you post: What have you tried?