Login failed for user 'IIS APPPOOL\ASP.NET v4.0'

Question

I have a web project (C# Asp.Net, EF 4, MS SQL 2008 and IIS 7) and I need to migrate it to IIS 7 locally (at the moment works fine with CASSINI).

Locally in IIS I ha

Answer 1

First thing you need to clear if you are using windows authentication and you are not mentioning any username password in your connection string then:

What happens when you run your code through localhost: when you run your wcf test client from localhost, it will be able to communicate to database as local debug mode application is calling database by your account's service. So it has access to database because devenv.exe is running under your user account.

But when you deploy your web service in IIS. Now understand this service runs under IIS not under your account. So you need to assign access rights to IIS service to access the sql server for windows authentication. Here your web service would not be able to communicate to the SQL server because of access rights issue and Login Failed for user_______ (here your user will come)

So if you are using windows authentication to connect your database, you just have to change the IIS Application pool settings. You need to change IIS Application pool's identity to local System.

Below are the Steps for windows authentication WCF:

1) Open IIS (windows+R (run) then type inetmgr, then click ok)

2) double click your PC name under Connections

3) Click Application Pools

4) Select your app pool (DefaultAppPool)

5) Then under actions on the right click Advanced Settings:

6) Go to Process Model section and

7) click on Identity.

8) Now select LocalSystem.

Now open your sql server management studio: open run-> then type ssms ->then press ok In ssms, login using your windows authentication account. Open security tab expand logins tab then you will be able to view your account.

Now open properties of your account go to userMapping then select the database you want to connect then check the role membership services you want to use for the selected database. click ok.

(For network services i.e. intranet users you need to configure above settings for NT AUTHORITY\SYSTEM user too)

add Trusted_Connection=True; property in your connection string. Save it & deploy the web service. Restart app pool.

you will be able to connect the database now.

Answer 2

something similar happened to me what worked for me was changing the property Integrated Security = True to Integrated Security = false in the web.config of the website

Answer 3

Add "Everyone" under security. If you added the Server and the users logging in to the database, then this is something you are missing. Hope this helps.

Answer 4

go to iis -> application pools -> find your application pool used in application

select your application pool used for the application right click select advanced settings

Select application pool identity

select built in as Local System and click ok

Answer 5

Cassini runs your website as your own user identity when you start up the Visual Studio application. IIS runs your website as an App Pool Identity. Unless the App Pool Identity is granted access to the Database, you get errors.

IIS introduced App Pool Identity to improve security. You can run websites under the default App Pool Identity, or Create a new App Pool with its own name, or Create a new App Pool with its own name that runs under a User Account (usually Domain Account).

In networked situations (that are not in Azure) you can make a new App Pool run under an Active Directory Domain user account; I prefer this over the machine account. Doing so gives granular security and granular access to network resources, including databases. Each website runs on a different App Pool (and each of those runs under its own Domain User account).

Continue to use Windows Integrated Security in all Connection Strings. In SQL Server, add the Domain users as logins and grant permissions to databases, tables, SP etc. on a per website basis. E.g. DB1 used by Website1 has a login for User1 because Website1 runs on an App Pool as User1.

One challenge with deploying from the Visual Studio built-in DB (e.g. LocalDB) and built-in Web Server to a production environment derives from the fact that the developer's user SID and its ACLs are not to be used in a secure production environment. Microsoft provides tools for deployment. But pity the poor developer who is accustomed to everything just working out of the box in the new easy VS IDE with localDB and localWebServer, because these tools will be hard to use for that developer, especially for such a developer lacking SysAdmin and DBAdmin support or their specialized knowledge. Nonetheless deploying to Azure is easier than the enterprise network situation mentioned above.

Answer 6

If in the connection string you have specified:

User ID=xxx;Password=yyy

but in the connection string there is:

Trusted_Connection=true;

SQL Server will use Windows Authentication, so your connection values will be ignored and overridden (IIS will use the Windows account specified in Identity user profile). more info here

The same applies if in the connection string there is:

 Integrated Security = true;

or

 Integrated Security = SSPI;

because Windows Authentication will be used to connect to the database server. more info here