I have an ASP.NET web app where I use an ado sql connection to connect to a database on a SQL Server. The ado connection string is provided with a user login that has sufficient rights to read/write to the database. I originally pushed out the web app in its own IIS web site, using its own application pool and everything worked fine.

However, I am now trying to include the web app under an already existing web site. Everything seemed to work fine until I tried any functionality that called for an INSERT or UPDATE to the database. It turns out the user connecting to the DB didn’t have sufficient permissions. Finding this strange, I did some research and found a forum post that suggested the IIS Web Site service account needed read/write permissions in the SQL database in order for an app to perform INSERT/UPDATE. Is this true?

I tested it out, and yes, indeed it worked, only with the Application Pool Identity account. The details of my scenario are as follows:

• The web app’s first IIS Web Site had an application pool Identity that ran under NETWORK SERVICE, which already had a login for SQL SERVER

• The already existing web site’s application pool Identity runs under a domain account. This site already runs another web app that connects to the same database using LINQ (developed by someone else). I am relatively new to web development and am more familiar with ADO, so that is the route I chose.

• The domain account mentioned above formerly had no SQL Server login/user mapping. I set it up as a dbowner, and viola, the new web app worked under the existing web site.

While I found a way for it to work, we would rather not create a SQL login for this Identity account. We want the login provided in the web app’s ADO SqlConnection to be the one to actually connect, because isn’t that the point of it? Also, the fact that another web app using LINQ can connect just fine under the same web site leads us to believe this is possible. Any experts out there have two cents to offer on this issue?