Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


<system.web>
  <identity impersonate="true" />
</system.web>

I found by entering the following in the web.config fixed this for me:

I had this message and I use Windows Authentication on the web server.

I see other Answers regarding creating the AppPool username in the SQL DB or just to use SQL Auth. Both would be correct if you didn't want to capture or secure individual Windows users inside SQL.

I wanted the currently authenticated web user to be authenticated against the database, rather than using the IIS APPPOOL\ASP.NET v4 User specified in the App Pool.

This solved it for us and we are not sure why. IIS/AppPool just hijacks the connectionstring that explicitly says "Integrated Security=true"? Why??

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


Can this work when your SQL server instance is on another host machine then your IIS host machine ? Because I need to fix the same issue, but SQL and IIS are not on the same machine. So using Windows Authentication for that new user wont work

For me the user to add was 'IIS APPPOOL\DefaultAppPool'. Then it worked.

In SSMS, under the server, expand Security, then right click Logins and select "New Login...".

In the New Login dialog, enter the app pool as the login name and click "OK".

Instead better to change 'Identity' to 'LocalSystem' from IIS, as described in next answer.

VERY IMPORTANT: DO NOT CLICK SEARCH TO TRY TO CONFIRM THE LOGIN! It won't recognize it but it will work. Just type it in as IIS APPPOOL\SimonsAppPoolName. See this stackoverflow.com/questions/1933134

You can then right click the login for the app pool, select Properties and select "User Mapping". Check the appropriate database, and the appropriate roles. I think you could just select db_datareader and db_datawriter, but I think you would still need to grant permissions to execute stored procedures if you do that through EF. You can check the details for the roles here.

You need to add a login to SQL Server for IIS APPPOOL\ASP.NET v4.0 and grant permissions to the database.

thanks, I did what you sad, now i receive this error: Cannot open database "SiteNameExtension" requested by the login. The login failed. Login failed for user 'IIS APPPOOL\DefaultAppPool'.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


Below are the Steps for windows authentication WCF: Open IIS (windows+R (run) then type inetmgr, then click ok) double click your PC name under Connections Click Application Pools Select your app pool (DefaultAppPool) Then under actions on the right click Advanced Settings: Go to Process Model section and click on Identity. Now select LocalSystem.

But when you deploy your web service in IIS. Now understand this service runs under IIS not under your account. So you need to assign access rights to IIS service to access the sql server for windows authentication. Here your web service would not be able to communicate to the SQL server because of access rights issue and Login Failed for user_______ (here your user will come)

First thing you need to clear if you are using windows authentication and you are not mentioning any username password in your connection string then:

Now open properties of your account go to userMapping then select the database you want to connect then check the role membership services you want to use for the selected database click ok. (For network services i.e. intranet users you need to configure above settings for NT AUTHORITY\SYSTEM user too)

Now open your sql server management studio: open run-> then type ssms then press ok in ssms, login using your windows authentication account. open security tab expand logins tab then you will be able to view your account.

So if you are using windows authentication to connect your database, you just have to change the IIS Application pool settings. You need to change IIS Application pool's identity to local System.

What happens when you run your code through localhost: when you run your wcf test client from localhost, it will be able to communicate to database as local debug mode application is calling database by your account's service. So it has access to database because devenv.exe is running under your user account.

add Trusted_Connection=True; property in your connection string. Save it & deploy the web service. Restart app pool.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


<connectionStrings>
    <add providerName="System.Data.SqlClient" name="MyDbContext" connectionString="Data Source=localhost,1433;Initial Catalog=MyDatabase;user id=MyUserName;Password=MyPassword;Trusted_Connection=true;Integrated Security=false;" />
</connectionStrings>

If you have your connection string added in your web.config, make sure that "Integrated Security=false;" so it would use the id and password specified in the web.config.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


Cassini runs your website as your own user identity when you start up the Visual Studio application. IIS runs your website as an App Pool Identity. Unless the App Pool Identity is granted access to the Database, you get errors.

Continue to use Windows Integrated Security in all Connection Strings. In SQL Server, add the Domain users as logins and grant permissions to databases, tables, SP etc. on a per website basis. E.g. DB1 used by Website1 has a login for User1 because Website1 runs on an App Pool as User1.

IIS introduced App Pool Identity to improve security. You can run websites under the default App Pool Identity, or Create a new App Pool with its own name, or Create a new App Pool with its own name that runs under a User Account (usually Domain Account).

In networked situations (that are not in Azure) you can make a new App Pool run under an Active Directory Domain user account; I prefer this over the machine account. Doing so gives granular security and granular access to network resources, including databases. Each website runs on a different App Pool (and each of those runs under its own Domain User account).

One challenge with deploying from the Visual Studio built-in DB (e.g. LocalDB) and built-in Web Server to a production environment derives from the fact that the developer's user SID and its ACLs are not to be used in a secure production environment. Microsoft provides tools for deployment. But pity the poor developer who is accustomed to everything just working out of the box in the new easy VS IDE with localDB and localWebServer, because these tools will be hard to use for that developer, especially for such a developer lacking SysAdmin and DBAdmin support or their specialized knowledge. Nonetheless deploying to Azure is easier than the enterprise network situation mentioned above.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


Edit: Before applying this suggestion you should note and understand the security implications.

I would have upvoted zillions of time if I could. Thanks this helped.

In addition to running the app pool as the LocalSystem identity, I also had to map the "NT AUTHORITY\SYSTEM" user to database roles

SYSTEM is more highly privileged than Administrator. You should NEVER run your web server with anything approaching that level.

This stinks. Granting SYSTEM authority to a web app is a recipe for disaster and allows miscreants all sorts of opportunity to inflict badness upon not only your web app, but the entire hosting server. Just because the DB accepts logins from SYSTEM does not mean that you should run your web app as SYSTEM. The windows desktop won't even let you run as SYSTEM (without jumping through hoops). Running a webapp with this authority is a really, really stupid idea. You should make the DB accept the current apppool identity. I'd -100 if I could. -1.

Under ApplicationPoolIdentity you will find local system. This will make your application run under NT AUTHORITY\SYSTEM, which is an existing login for the database by default.

You can change the ApplicationPoolIdentity from IIS7 -> Application Pools -> Advanced Settings.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


Integrated Security = SSPI;
Integrated Security = true;
Trusted_Connection=true;
User ID=xxx;Password=yyy

If in the connection string you have specified:

SQL Server will use Windows Authentication, so your connection values will be ignored and overridden (IIS will use the Windows account specified in Identity user profile). more info here

The same applies if in the connection string there is:

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


As adrift says, it does sound like a database security issue. So create an NT user account, assign it to the ASP.NET v4.0 AppPool and then grant it permission on the website folder and to the relevant table(s) in SQL.

I hate the ApplicationPoolIdentity. I always set a Windows User Account as the account on AppPools.

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


<system.web>
  <identity impersonate="true" />
</system.web>

I found by entering the following in the web.config fixed this for me:

I had this message and I use Windows Authentication on the web server.

I see other Answers regarding creating the AppPool username in the SQL DB or just to use SQL Auth. Both would be correct if you didn't want to capture or secure individual Windows users inside SQL.

I wanted the currently authenticated web user to be authenticated against the database, rather than using the IIS APPPOOL\ASP.NET v4 User specified in the App Pool.

This solved it for us and we are not sure why. IIS/AppPool just hijacks the connectionstring that explicitly says "Integrated Security=true"? Why??

Note
Rectangle 27 0

c Login failed for user 'IIS APPPOOLASP.NET v4.0'?


As adrift says, it does sound like a database security issue. So create an NT user account, assign it to the ASP.NET v4.0 AppPool and then grant it permission on the website folder and to the relevant table(s) in SQL.

I hate the ApplicationPoolIdentity. I always set a Windows User Account as the account on AppPools.

Note