Hello,
Quick overview: I have Win Auth and Impersonation enabled on a site, app pool identity running under domain account, connection string to local SQL instance set to 'Integrated Security=True' butevery request going to DB is sent as app pool identity and not the end-user's credentials.
- I have a freshly installed Windows Server 2012 VM with IIS 8.0 and I've deployed a Silverlight 5 application to a subsite of 'Default Web Site' (http://<server>/<mySite>) on our intranet.
- In my subsite's Authentication settings, I have disabled Anonymous/Forms Authentication and enabled ASP.NET Impersonation and Windows Authentication.
- The web.config for my application has a sql connection string pointing to a local instance of SQL with 'Integrated Security=True' and 'impersonate=true' is set under system.web.
- The Application Pool is set to run under .Net 4.0, Classic Managed Pipeline and a domain account for its Identity.
When running SQL Profiler, every request sent to the DB is sent as the domain account in the Application Pool Identity and not the end-user's credentials. I have the same setup for a different application on a Windows Server 2008 R2 with IIS 7.5 and it works as expected.
Am I missing anything? Since this is newly installed server, is there any features or settings I can check to make sure they're setup correctly?