Hi,

We are changing our web application to use Windows Authentication instead of SQL Server Authentication.

Initially, we added the IUSR_MACHINENAME user to SQL Server. This works ok when SQL Server and IIS are both running on the same server.

However, this won't work if SQL Server and IIS are on different servers on the same domain.

After doing a lot of research on the internet, it seemed that the answer was to create a user on the domain and use that user in IIS as the anonymous user (and give that user the relevant rights on SQL Server).

However, I've seen other comments in articles on the internet saying "Running any web service as a domain user is ill-advised".

We are using ASP rather than ASP.NET. What is the correct (and most secure) way to go about this?

Best

Matt.