View Single Post
  #5 (permalink)  
Old May 28th, 2009, 08:11 PM
litlmike litlmike is offline
Registered User
Join Date: May 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts

Originally Posted by samjudson View Post
When creating the database connection the SQL client uses the details provided in the SQL connection string. If the connection string says to use integrated security (or trusted_Connection=Yes) then it will use the identity of the process it is currently running as.

In IIS this defaults to the NETWORK_SERVICE user, but can be overridden to 'impersonate' a different user.

You can change the user that the process runs as in a number of ways. Firstly you can edit the 'Identity' of the application pool that the web site is running as to any valid windows user.

Secondly you can set <identity impersonate="true"> in the web.config which will set it to use the user 'logged on' via the web site. This in turn will default to the anonymous user account (IUSER_<machinename>) unless you have anonymous access turned off.

Thirdly you can supply the username and password attributes with the <identity> element to get the web site to impersonate that particular user.

An alternative to all of this is to supply a username/password in the connection string
Thanks for the info, it is good to know my options.