SQL Server Login for IIS APPPOOL on different machines - same domain

Question

I want to reference these links because they highlight my issue

Create SQL Server Login for IIS APPPOOL - IIS and SQL Server on different machines

and

Configuring ASP.NET MVC app's IIS 7.5 Application Pool identity as login on SQL Server 2008 R2.

To summarize the posts, I have ServerA with IIS and my app pool and ServerB with SQL Server. ServerA SQL recognizes my app pool as a login since that is where IIS resides, but now I need my app pool to access SQL on ServerB.

I have tried to create a SQL login on ServerB for my app pool as Domain\ComputerName$\IIS APPPOOL\AppPoolName, but it does not recognize that. It recognized Domain\ComputerName$, but my application still does not work.

Am I on the right track, if so what user name do I specify? My DBA skills are not as sharp as they should be. Thank you.

Answer 1

I don't think you can use AppPool for remote SQL Server. Give machine account Domain\ComputerName$, access to SQL, or you can run AppPpool with domain user account (domain\username) and give this user access to SQL.

Domain\MachineName$ is more secure and maintainable as you do not have keep updating password for user every n months, and restricts to only one machine. If you have multiple IIS server then you have to go with domain\username method, and set AppPool to use this user account (Windows Auth).

I think You can also create group Domain group and add all (IIS) machine name on this group and give this group permission to SQL.