>I am using Windows Authentication on a web form with impersonate="true" in the web.config. On my local host I have no problem connecting with our SQL Servers with windows authentication. I put a button on the form to verify my username and it properly shows who I am with a HttpContext context.User.Identity.Name call.
>
>When I move the app to our test development server from my local host, the who am i button still correctly identifies me, but when any attempt to contact our SQL Servers result in "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Can anybody out there help? Thanks.
>
>Update:
>I have discovered the limitation of not flowing the user credentials beyond the IIS server. Looks like I need to re-impersonate programmatically from IIS server to SQL server. Most of the examples I have found use LogonUser with a name and password. However, the ImpersonateLoggedOnUser would seem to be just what is needed here. I will be looking into this. If anyone has already crossed this bridge, I would be happy to hear about it. Thanks.

Since SQL Server does not replicate with AD, the best solution that I have found is to set SQL Server to mixed-mode authentication, then create a role and userid that your application will use exclusively.

Best practices say that security is best handled outside of SQL Server where it can be more tightly controlled and as flexible as needed.

Note: This is only secure if IIS & SQL Server are on the same internal network segment and that segment is behind a firewall.