Hi I have an ASP.Net based application, running under IIS6 via Anonymous Authentication, using the "IUSR_<Machine Name>" account. The connection string in the web.config to SQL Server uses windows authentication. I have the following line in web.config: <authentication mode="Windows"> I do not have am <Impersonate> setting. Can anyone please tell me why the application is logging into SQL Server using the account NT "Authority\Network Service" (rather than "IUSR_<Machine Name>"). Many thanks
> Can anyone please tell me why the application is logging into SQL Server > using the account NT "Authority\Network Service" (rather than > "IUSR_<Machine > Name>"). This is because a local Windows account is recognized only on the local machine. Access to network resources from a local account is done under the minimally privileged context of "NT Authority\Network Service" (anonymous). Consider using a domain account instead if you need to access network resources that require authentication. -- Hope this helps. Dan Guzman SQL Server MVP http://weblogs.sqlteam.com/dang/ "Geoff_Olding" wrote in message news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@microsoft.com... > Hi > > I have an ASP.Net based application, running under IIS6 via Anonymous > Authentication, using the "IUSR_<Machine Name>" account. > > The connection string in the web.config to SQL Server uses windows > authentication. > > I have the following line in web.config: > <authentication mode="Windows"> > > I do not have am <Impersonate> setting. > > Can anyone please tell me why the application is logging into SQL Server > using the account NT "Authority\Network Service" (rather than > "IUSR_<Machine > Name>"). > > Many thanks
Thanks for your post. I should have said that IIS and SQL Server are running on the same server (i.e. the interaction between IIS and SQL Server doesn't need to go across the network). Is the "NT Authority\Network Services" account still used even in this situation? Regards Geoff Olding "Dan Guzman" wrote: > > Can anyone please tell me why the application is logging into SQL Server > > using the account NT "Authority\Network Service" (rather than > > "IUSR_<Machine > > Name>"). > > This is because a local Windows account is recognized only on the local > machine. Access to network resources from a local account is done under the > minimally privileged context of "NT Authority\Network Service" (anonymous). > Consider using a domain account instead if you need to access network > resources that require authentication. > > -- > Hope this helps. > > Dan Guzman > SQL Server MVP > http://weblogs.sqlteam.com/dang/ > > "Geoff_Olding" wrote in message > news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@microsoft.com... > > Hi > > > > I have an ASP.Net based application, running under IIS6 via Anonymous > > Authentication, using the "IUSR_<Machine Name>" account. > > > > The connection string in the web.config to SQL Server uses windows > > authentication. > > > > I have the following line in web.config: > > <authentication mode="Windows"> > > > > I do not have am <Impersonate> setting. > > > > Can anyone please tell me why the application is logging into SQL Server > > using the account NT "Authority\Network Service" (rather than > > "IUSR_<Machine > > Name>"). > > > > Many thanks > >
> I should have said that IIS and SQL Server are running on the same server > (i.e. the interaction between IIS and SQL Server doesn't need to go across > the network). > > Is the "NT Authority\Network Services" account still used even in this > situation? Apparently, given the login failed message references that account ;-) You can grant the access to the local database per article http://msdn.microsoft.com/en-us/library/ms998320.aspx -- Hope this helps. Dan Guzman SQL Server MVP http://weblogs.sqlteam.com/dang/ "Geoff_Olding" wrote in message news:45A73B35-9146-486E-8009-1C8285DC29DA@microsoft.com... > Thanks for your post. > > I should have said that IIS and SQL Server are running on the same server > (i.e. the interaction between IIS and SQL Server doesn't need to go across > the network). > > Is the "NT Authority\Network Services" account still used even in this > situation? > > Regards > > Geoff Olding > > "Dan Guzman" wrote: > >> > Can anyone please tell me why the application is logging into SQL >> > Server >> > using the account NT "Authority\Network Service" (rather than >> > "IUSR_<Machine >> > Name>"). >> >> This is because a local Windows account is recognized only on the local >> machine. Access to network resources from a local account is done under >> the >> minimally privileged context of "NT Authority\Network Service" >> (anonymous). >> Consider using a domain account instead if you need to access network >> resources that require authentication. >> >> -- >> Hope this helps. >> >> Dan Guzman >> SQL Server MVP >> http://weblogs.sqlteam.com/dang/ >> >> "Geoff_Olding" wrote in message >> news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@microsoft.com... >> > Hi >> > >> > I have an ASP.Net based application, running under IIS6 via Anonymous >> > Authentication, using the "IUSR_<Machine Name>" account. >> > >> > The connection string in the web.config to SQL Server uses windows >> > authentication. >> > >> > I have the following line in web.config: >> > <authentication mode="Windows"> >> > >> > I do not have am <Impersonate> setting. >> > >> > Can anyone please tell me why the application is logging into SQL >> > Server >> > using the account NT "Authority\Network Service" (rather than >> > "IUSR_<Machine >> > Name>"). >> > >> > Many thanks >> >>
Thanks for your help "Dan Guzman" wrote: > > I should have said that IIS and SQL Server are running on the same server > > (i.e. the interaction between IIS and SQL Server doesn't need to go across > > the network). > > > > Is the "NT Authority\Network Services" account still used even in this > > situation? > > Apparently, given the login failed message references that account ;-) > > You can grant the access to the local database per article > http://msdn.microsoft.com/en-us/library/ms998320.aspx > > > -- > Hope this helps. > > Dan Guzman > SQL Server MVP > http://weblogs.sqlteam.com/dang/ > > "Geoff_Olding" wrote in message > news:45A73B35-9146-486E-8009-1C8285DC29DA@microsoft.com... > > Thanks for your post. > > > > I should have said that IIS and SQL Server are running on the same server > > (i.e. the interaction between IIS and SQL Server doesn't need to go across > > the network). > > > > Is the "NT Authority\Network Services" account still used even in this > > situation? > > > > Regards > > > > Geoff Olding > > > > "Dan Guzman" wrote: > > > >> > Can anyone please tell me why the application is logging into SQL > >> > Server > >> > using the account NT "Authority\Network Service" (rather than > >> > "IUSR_<Machine > >> > Name>"). > >> > >> This is because a local Windows account is recognized only on the local > >> machine. Access to network resources from a local account is done under > >> the > >> minimally privileged context of "NT Authority\Network Service" > >> (anonymous). > >> Consider using a domain account instead if you need to access network > >> resources that require authentication. > >> > >> -- > >> Hope this helps. > >> > >> Dan Guzman > >> SQL Server MVP > >> http://weblogs.sqlteam.com/dang/ > >> > >> "Geoff_Olding" wrote in message > >> news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@microsoft.com... > >> > Hi > >> > > >> > I have an ASP.Net based application, running under IIS6 via Anonymous > >> > Authentication, using the "IUSR_<Machine Name>" account. > >> > > >> > The connection string in the web.config to SQL Server uses windows > >> > authentication. > >> > > >> > I have the following line in web.config: > >> > <authentication mode="Windows"> > >> > > >> > I do not have am <Impersonate> setting. > >> > > >> > Can anyone please tell me why the application is logging into SQL > >> > Server > >> > using the account NT "Authority\Network Service" (rather than > >> > "IUSR_<Machine > >> > Name>"). > >> > > >> > Many thanks > >> > >> > >
IIS 6.0 ASP.NET applications run in an IIS 6.0 Application Pool. An application pool has an identity (the windows account under which credentials the application pool runs). This identity is Network Service by default. You can change the indentity using IIS 6.0 administrative console. "Geoff_Olding" escribió en el mensaje news:B63879C5-78E2-41DA-9E68-E43BA712D2D4@microsoft.com... > Thanks for your help > > "Dan Guzman" wrote: > >> > I should have said that IIS and SQL Server are running on the same >> > server >> > (i.e. the interaction between IIS and SQL Server doesn't need to go >> > across >> > the network). >> > >> > Is the "NT Authority\Network Services" account still used even in this >> > situation? >> >> Apparently, given the login failed message references that account ;-) >> >> You can grant the access to the local database per article >> http://msdn.microsoft.com/en-us/library/ms998320.aspx >> >> >> -- >> Hope this helps. >> >> Dan Guzman >> SQL Server MVP >> http://weblogs.sqlteam.com/dang/ >> >> "Geoff_Olding" wrote in message >> news:45A73B35-9146-486E-8009-1C8285DC29DA@microsoft.com... >> > Thanks for your post. >> > >> > I should have said that IIS and SQL Server are running on the same >> > server >> > (i.e. the interaction between IIS and SQL Server doesn't need to go >> > across >> > the network). >> > >> > Is the "NT Authority\Network Services" account still used even in this >> > situation? >> > >> > Regards >> > >> > Geoff Olding >> > >> > "Dan Guzman" wrote: >> > >> >> > Can anyone please tell me why the application is logging into SQL >> >> > Server >> >> > using the account NT "Authority\Network Service" (rather than >> >> > "IUSR_<Machine >> >> > Name>"). >> >> >> >> This is because a local Windows account is recognized only on the >> >> local >> >> machine. Access to network resources from a local account is done >> >> under >> >> the >> >> minimally privileged context of "NT Authority\Network Service" >> >> (anonymous). >> >> Consider using a domain account instead if you need to access network >> >> resources that require authentication. >> >> >> >> -- >> >> Hope this helps. >> >> >> >> Dan Guzman >> >> SQL Server MVP >> >> http://weblogs.sqlteam.com/dang/ >> >> >> >> "Geoff_Olding" wrote in >> >> message >> >> news:8DD8D2D4-0D6A-42E6-9DE8-58D97376D204@microsoft.com... >> >> > Hi >> >> > >> >> > I have an ASP.Net based application, running under IIS6 via >> >> > Anonymous >> >> > Authentication, using the "IUSR_<Machine Name>" account. >> >> > >> >> > The connection string in the web.config to SQL Server uses windows >> >> > authentication. >> >> > >> >> > I have the following line in web.config: >> >> > <authentication mode="Windows"> >> >> > >> >> > I do not have am <Impersonate> setting. >> >> > >> >> > Can anyone please tell me why the application is logging into SQL >> >> > Server >> >> > using the account NT "Authority\Network Service" (rather than >> >> > "IUSR_<Machine >> >> > Name>"). >> >> > >> >> > Many thanks >> >> >> >> >> >>
