Channel: Security
use ApplicationPoolIdentity to connect to SQL

Hi All,

I have a WCF web service hosted in IIS 7 (or maybe 7.5, whichever comes with Windows Server 2008 R2) using DefaultAppPool running under ApplicationPoolIdentity per Microsoft's recommendation. The web service needs to call a stored procedure to insert data into a db. The web server is on a different VM than the database server. The db server is running SQL 2008 R2. Both VMs run Windows Server 2008 R2. In addition, I created an AD group and added the web server VM as a member of the group, and created a SQL login for the AD group.

Here's the connection string in web.config:

Application Name=somewebservice;Server=somewebserver;Integrated Security=SSPI;Database=somedatabase;Connection Timeout=60

When the web service tries to connect to db, it encounters this exception:

Exception in InsertToDb()System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)

However, if I change the application pool identity to Network Service, it works fine. But since MS recommends ApplicationPoolIdentity account over Network Service, my boss wants us to look into how to make it work in our architecture.

According to this article: http://learn.iis.net/page.aspx/624/application-pool-identities/, when accessing network resources, both Network Service and ApplicationPoolIdentity use the machine account, so why does Network Service work in my case but not ApplicationPoolIdentity?

