ASP Classic IIS 7 authentication issue

Question

Im pretty new to web application development. I've written a lot scripts on their own (most VBscript) and have done plenty of web development but Im stuck on permissions for an ASP Classic page I've built. The tool I've built and tested outside of my web server quite simply pulls SQL servers from a server list in a loop, creates/opens a ado connection, executes a SQL Query, uses get string to parse the result and determine if the query completed successfully. For some reason when I deploy this to my web server it tries to run the page using the web server's machine acct 'Domain\\ServerName$'. This causes the query to fail since the machine acct does not have rights to the sql servers I'm attempting to run this query against.

Long story short, how do I force my ASP page to use a specific credential? I thought it was the AppPoolPin in IIS but that does not seem to be the case for me since I've set that account to a PIN that has priveledges to the SQL servers I'm attemping to query, no changes, my asp page still uses the machine acct 'Domain\\ServerName$'.

this is my code (slighty stripped for security purposes)

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0     Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<%
strFilePath = "\\server\path\to\list\"
Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = fso.OpenTextFile(strFilePath & "SQLServerList.txt" , 1)

Do While Not (InputFile.atEndOfStream)
On Error Resume Next
ServName = InputFile.ReadLine

Set myConn = CreateObject("ADODB.Connection")
Set objRecordSet = CreateObject("ADODB.Recordset") 

DB_CONNECT_STRING = "Provider=SQLOLEDB.1;Data Source=" & ServName & ";Initial Catalog=Master;Integrated Security=SSPI"

myConn.Open DB_CONNECT_STRING
objRecordSet.Open "select @@VERSION", myConn 

Rows = objRecordSet.GetString(,,"</td><td>","</td></tr><tr><td>","&nbsp;")


 If (InStr(Rows,"Microsoft"))=1 Then %>

      <table border="1" width="100%">
      <tr>
        <td><%Response.Write ServName%></td>
        <td><%Response.Write "Online"%></td>
      </tr>
    </table>
<%Else%>
            <table border="1" width="100%">
      <tr>
        <td><%Response.Write ServName%></td>
        <td><%Response.Write "Failed"%></td>
      </tr>
    </table>
<%
End If

Rows = ""
Set objRecordSet = Nothing
myConn.Close
Set myConn = Nothing

Loop 

%>


</body>
</html>

So I'm open to any suggestions. I'd like to know how I can force this page to use credentials without obviously including the login and password in my connection string. I definitely cannot do that.

Thanks in advance for any help. Sorry for the long post. I did look around for a while trying to resolve this before i posted here.

Answer 1

Create NEW user account:

• [app pool user identity] is user: app_pool_blahblahblah, pw: xxxxxx

In Application Pool, advanced settings:

• set .Net Framework version to "v2.0" <-- fixed issue with default asp doc not working!
• set "Enable 32-bit applications" to TRUE.
• set managed pipeline mode to "Classic".
• under Process Model, change Identity to "[app pool user identity]" account we created.
• be sure "load user profile" is set to FALSE.
• be sure "maximum worker processes" is "1".

In IIS 7.5 under web site:

• Authentication --> edit "Anonymous Authentication" and set to app pool identity.

Set "Modify" Permissions for [app pool user identity] for the following folders:

• your web site
• windows\\temp
• inetpub\\temp
• inetpub\\mailroot
• ONLY IF PROBLEM: windows\\serviceprofiles\\networkservice\\AppData\\Local\\Temp?