>>Probably from windows app you're actually using windows authentication
>>(recommended) and not SQL authentication. Does that windows app connect if >you do that from a nontrusted computer?
>>Cetin
>
>I'm running them on the same computer. In fact they are using the same class for establishing the connection to the database and the same file for storing the connection string, so I can't imagine any way the windows app would be using a different connection. I checked the string just before issuing the open connection and it is identical in each application.
>
>It seems to me as if the web app can't even see the server. Unfortunately I'm rather a novice when it comes to IIS.

It sounds strange I know. However it's how SQL server works. When configured for windows authentication or mixed mode and the user is a trusted one, it simply even doesn't care 'username/pwd' combination and instead does a windows authentication. With SQL server directly on your dev. machine this is the case. You can trace it in profiler. Though you have uid/pwd the connecting account is trusted windows account (unless you do it via TCP/IP:port).
For web apps. the account is ASPNET if the machine is not a domain controller. If you grant local ASPNET account to access your MSSQL database then it would work.
PS: If you impersonate="true" in web.config w/o username/pwd then it's IUSR_machinename.
Cetin