ASP.NET Windows Authentication - Login failed for user 'NT AUTHORITY/ANONYMOUS LOGON'


This is my first web application (ASP.NET MVC), and I'm having issues I hope someone can help me out on. I'm trying to get Windows authentication working, but I keep getting the following error after deploying the project to IIS:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

I've done a good bit of searching on this the past couple of days, but I cannot seem to figure out what I'm missing. Running within Visual Studio, I'm not getting this error.

In my Web.config, I have the following set:

<authentication mode="Windows" />
<identity impersonate="true"/>

For the server, it's a Win Server 2016 Datacenter with IIS v10.

In my Application Pool, I have the following set: Identity - ApplicationPoolIdentity Load user Profile - True

For the website, I have the following Authentications enabled: ASP.NET Impersonation Windows Authentication with Extended Protection set to Accept, and Providers are NTLM up top with Negotiate underneath.

The workstations, SQL Server, and IIS server are all on the same domain.

My connection string is setup as:

Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=FOO;Data Source=SERVER\\DB; Encrypt=true; Trusted_Connection=Yes; TrustServerCertificate=true;

Any suggestions? Thanks everyone!

asked on Stack Overflow Oct 29, 2019 by BrewingDev • edited Oct 30, 2019 by BrewingDev

2 Answers


We usually handle this by changing application pool identity to use a specific service account ( same as user accounts but with pwd never expires...) and we allow that service account to connect to the sql server database by giving on sql database the least privileges needed to run the application, like read, write and execute on the user db and read on the master database.

There are other ways to do this of course, but we are comfortable with this and we do use different service accounts for each environment for instance service-appname-dev, service-appname-qa, service-appname-prod...

answered on Stack Overflow Oct 30, 2019 by Davide Piras

It's a sql exception, the app pool identity needs to be an account with access to the db. You can test this with your own user account.

answered on Stack Overflow Oct 30, 2019 by terrencep

User contributions licensed under CC BY-SA 3.0