Thursday, December 1, 2011

How to give an IIS 7 app pool user access to SQL Server

When you create a website in IIS 7.5, an app pool is created with the same name as the website. This app pool usually runs as ApplicationPoolIdentity (instead of System or a specific user).

Trouble is, if you try to give the ApplicationPoolIdentity account access to SQL Server, SQL Server can't find the account. This is because it's not a normal account.

In order to give your app pool access to SQL Server, you need to give access to the following account:
  • IIS AppPool\YourAppPoolName
Where "YourAppPoolName" is the name of your AppPool. The "IIS AppPool" (domain?) is the important bit that I always forget.

Hope this helps some poor souls with the same problem.

Posted via email from The Coder's Perspective
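
The grant described in the post, written as T-SQL (an added example, not code from the original post). YourDatabase is a placeholder database name, and the db_datareader/db_datawriter roles are an assumption about what the application needs; ALTER ROLE ... ADD MEMBER requires SQL Server 2012 or later.

```sql
-- Added example: YourAppPoolName and YourDatabase are placeholders.
USE [master];
GO

-- Server-level login for the app pool's virtual account.
-- The name is typed in full; it is not a normal Windows account.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'IIS AppPool\YourAppPoolName')
BEGIN
    CREATE LOGIN [IIS AppPool\YourAppPoolName] FROM WINDOWS;
END
GO

USE [YourDatabase];
GO

-- Database user mapped to that login.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'IIS AppPool\YourAppPoolName')
BEGIN
    CREATE USER [IIS AppPool\YourAppPoolName]
        FOR LOGIN [IIS AppPool\YourAppPoolName];
END
GO

-- Assumed requirement: the site only reads and writes table data,
-- so it gets the two data roles and nothing broader.
ALTER ROLE db_datareader ADD MEMBER [IIS AppPool\YourAppPoolName];
ALTER ROLE db_datawriter ADD MEMBER [IIS AppPool\YourAppPoolName];
GO

-- Check: list every database role the app pool account now holds.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'IIS AppPool\YourAppPoolName';
GO
```

The IIS AppPool\... account only exists on the web server itself, so this works when SQL Server runs on the same machine as IIS; over the network the app pool identity authenticates as the machine account instead.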

1 comments:

Rustin said...

howzit mate.

To add to your post: a better way to do this would be to add a trusted subsystem account to your SQL database. To do so, execute the following script on your database.

IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
BEGIN

CREATE USER [NT AUTHORITY\NETWORK SERVICE] FOR LOGIN [NT AUTHORITY\NETWORK SERVICE] WITH DEFAULT_SCHEMA=[dbo]

EXEC sp_addrolemember N'db_owner', N'NT AUTHORITY\NETWORK SERVICE'

END
GO

Once this is created, set the application pool ProcessModel IdentityType to the NetworkService account. This will now allow your application to log on to SQL Server using SSPI.

A simple way to do this is to use appcmd; you can find it in
%systemroot%\system32\inetsrv\

To set the application pool identity to the NetworkService account, execute the following on the command line:

appcmd add apppool /name:YourAppPoolName /managedRuntimeVersion:v4.0 /processModel.identityType:NetworkService /managedPipelineMode:Integrated

Cheers
Rustin
