IIS and SQL Server 2000 Windows Authentication

We have asp.net application setup using Windows Authentication. For the
website, under directory security the only thing checked is "Windows
Authentication". We have the users specified in SQL who have rights to
connect...etc. In the Web.Config, it is specified as Integrated
Security=true. However, when the user goes to the site, an error message is
displayed saying Login attempt failed for (Our Domain Name)\(Our Web
Application Server Name)$ . I have a couple of issues here...

1. Why is it attempting to logon with this account?

2. The domain Machine name doesnt have a $ on it, so why is it showing that
way?

3. Is this some internal naming for a windows account?

John Barr wrote:
> We have asp.net

There was no way for you to know it (except maybe by browsing through
some of the previous questions before posting yours - always a
recommended practice), but this is a classic (COM-based) asp newsgroup.
ASP.Net is a different technology from classic ASP. While you may be
lucky enough to find a dotnet-savvy person here who can answer your
question, you can eliminate the luck factor by posting your question to
a newsgroup where the dotnet-savvy people hang out. I suggest

microsoft.public.dotnet.framework.aspnet.

There are also forums at www.asp.net where you can find a lot of people
to help you.

HTH,
Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

"John Barr" <JohnBarr@discussions.microsoft.com> wrote in message
news:582BA4BC-C27F-483E-9626-2FC178E01BCB@microsoft.com...
> We have asp.net application setup using Windows Authentication. For the
> website, under directory security the only thing checked is "Windows
> Authentication". We have the users specified in SQL who have rights to
> connect...etc. In the Web.Config, it is specified as Integrated
> Security=true. However, when the user goes to the site, an error message
> is
> displayed saying Login attempt failed for (Our Domain Name)\(Our Web
> Application Server Name)$ . I have a couple of issues here...
>
> 1. Why is it attempting to logon with this account?
>

Because you haven't specified:-

<identity impersonate="true" />

in the <system.web> section.

The authenticated user is purely a .NET IPrinicple and does not impact the
security token that the thread runs as.
In order for an integrated security to pass through to a SQL connection the
thread needs to impersonate the windows account of the the user. The above
entry causes that to happen.

> 2. The domain Machine name doesnt have a $ on it, so why is it showing
> that
> way?
>

It is a bit strange but it will the machine account that is trying to access
the SQL server because the default identity on the process will be NETWORK
SERVICE

> 3. Is this some internal naming for a windows account?
>

Yes but I don't think the $ really means much.


--
Anthony Jones - MVP ASP/ASP.NET