We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.RSS

15 replies

Last post Jul 24, 2014 08:49 PM by abifarrah

  • ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Dec 30, 2010 04:12 PM|jambrose|LINK

    I have a small ASP.NET test script that opens a connection to a SQL Server database on another machine in the domain. It isn't working in all cases. 

    Setup:

    IIS 7.5 under W2K8R2 trying to connect to a remote SQL Server 2008 R2 instance. All machines are in the same domain.

    Using the ApplicationPoolIdentity for the web site it fails to connect to the SQL Server with  the following:

     Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    However if I switch the  Process Model Identity to NETWORK SERVICE or my domain account the database connection is successful.

    I've granted the <domain>\<machinename>$ access in SQL Server. 

    I am not doing any sort of authentication on the web site, it is just a simple script to open a connection to a database to make sure it works. 

     I have Anonymous Authentication enabled and set to use the Application pool identity.

     How do I make this work? Why is the ApplicationPoolIdentity trying to use ANONYMOUS LOGON? Better yet, how do I make it stop using Anonymous logon?

    iis 7.5 SQL Server 2008 R2 ApplicatioPoolIdentity

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jan 02, 2011 03:32 PM|gaurav.singh|LINK

     Hello,

     Refer http://msdn.microsoft.com/en-us/library/ms998358

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jan 03, 2011 02:41 AM|Leo Tang - MSFT|LINK

    Hi,

    By default, the application pools run with a unique identity based on the Application Pool name. Unlike a real user / domain user account, this new identity does not have a user profile. This is the reason that switch the  Process Model Identity to NETWORK SERVICE or your domain account the database connection is successful.

    If you must use Anonymous Authentication, you can either switch the Process Model Identity to another account, set Anonymous Authentication to use a custom account or impersonate a user account in your application.

    Thanks.

    Please mark the replies as answers if they help or unmark if not.
    Feedback to us


  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jan 03, 2011 11:52 AM|jambrose|LINK

    So is there no way to allow the Application Pool Identity to authenticate to the SQL Server? 

    Parts of the site will have database access, but not require a logged in user. I don't have a problem using a domain account to authenticate the web application to the SQL server, I was just hoping to use the new App Pool Identities.

    Thank you. 

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jan 03, 2011 02:53 PM|AxelD|LINK

     Yes, it can be done. Here're the steps necessary:

    • In SSMS ...
      • connect to your SQL Server and navigate to Security - Logins in Object Explorer.
      • Add a new login:
        • Create a Windows login with the name of your application pool. Use the virtual domain name "IIS AppPool", like: "IIS AppPool\{YourApplicationPoolName}"

          (Dont' forget to use the real application pool name after the backslash, e.g.: "IIS AppPool\DefaultAppPool")
        • Assign the new login to your database(s) in the User Mapping page of the New Login dialog.
          Give it any user name you find appropriate.
        • Save and close the New Login dialog.
      • In Object Explorer ...
        • Navigate to your database, then navigate to Security - Users
        • Navigate to your new user and set permissions according to your needs.

    That's it.
  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jan 03, 2011 03:53 PM|jambrose|LINK

     AxelD,

    I don't know that this will work seeing as the SQL Server isn't on the same box as the IIS Server. I think that the IIS AppPool\<apppoolname> is a local account correct? At any rate, I'm unable to add the IIS AppPool\<apppoolname> to SQL Server as a login.

    I can add the machine for the remote web server from the sql server like so:

    <domain>\<machinename>$

    This doesn't seem to resolve the problem.  

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jul 12, 2011 04:34 PM|maxisam|LINK

     Hi there, I know this is kinda old. But does anyone figure this out ? I have the exactly same question.

     

    Thanks,

    Sam

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Aug 21, 2011 04:04 PM|sprdaveaspnet|LINK

     I have tried to CREATE  "IIS APPPOOL\ASP.NET v4.0"  just like the book I am reading says to do.  And get this error:

    "Create failed for login 'IIS APPPOOL\ASP.NET v4.0"  "Windows NT user or group IIS APPPOOL\ASP.NET v4.0 not found. Check the name again.

    I am using Windows 7 x64  and SQL Server 2008 develper.

    I am new to SQL and IIS.  What am I doing wrong?  Do I need to set up something in IIS, so when I create the login, it can find it?  I must just be missing some steps.  SQL will not let me CREATE a login for IIS.

    Thanks,

    Dave

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Aug 28, 2011 10:46 PM|stephena55|LINK

    Hello any luck with this situation? I have exactly the same setup and got the same error. I figured out how to add the default app pool to SQL as login but it doesn't help either. If anyone ever figured this out can you please post the solution? Many thanks!
  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Sep 22, 2011 03:31 PM|korggy|LINK

    Same issue here. Would be very excited to see a solution.
  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Sep 29, 2011 06:50 PM|zacuke|LINK

    http://msdn.microsoft.com/en-us/library/ms187662.aspx

    The trick is to make sure your connection is via the shared memory protocol. Apparently there is a hard coded block on loopback connections.
  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Aug 02, 2012 10:27 PM|tanocarlo|LINK

     Just if anyone is yet looking for this, the trick is to write down the IIS Application pool as it is when you add a new login. Don't search for it!!

    More information here: http://stackoverflow.com/questions/1933134/add-iis-7-apppool-identities-as-sql-server-logons

     

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jun 01, 2013 03:32 PM|lz12345|LINK

    Sorry to bring up this old thread.

    When following AxelD's steps in SQL Server 2012, I'm getting an error code 15401 - Create failed for Login 'IIS_APPPOOL\myAppPool'.

    How should correct this error? Thank you!

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jun 03, 2013 03:54 AM|kctt|LINK

    Do you use IIS and SQL on same server? The solution is not applicable when SQL runs on a different server.

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jun 03, 2013 01:52 PM|lz12345|LINK

    They run in the same Windows 8 Pro x64.

  • Re: ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.

    Jul 24, 2014 08:49 PM|abifarrah|LINK

    If this question is about how to execute _sp_send_dbmail in msdb database (using the SQL send Database Mail stored procedure in msdb), here is some work around.
    Add the .net application user name of your database (which is define on your connection string in your .net app) to the msdb user with "DatabaseMailUserRole" role membership