From: Dan Guzman on
> Assume I use Integrated Security. I have two windows accounts one account
> Tony that I use when logging in to the machine and the other is ASPNET
> that
> IIS is using.
> How can I see in Sql Server what access rights these two accounts have.
> None of these two account exist in Sql Server.

Be aware that there are 2 levels of authentication and authorization that
occur with an IIS database application: IIS and SQL Server. IIS first
confirms the end user identity based on the IIS site configuration. The
user can use the application only if they are authorized or anonymous access
is enabled. Once authorized, an application using Integrated Security to
connect to SQL Server typically connects to SQL Server using the Windows
domain account you specify as the IIS anonymous or application pool security
context. The credentials of the end user are not used to connect to the
database server in this scenario. You'll need to add a SQL Server login for
the IIS Windows account (or group) as well as the corresponding database
user and object permissions.

There are ways to configure IIS to use the end user credentials, but this is
usually done only for intranet applications. See for more

Hope this helps.

Dan Guzman
SQL Server MVP