So, I'm making a new ASP.Net webpage that is accessing a database through Integrated Security and it's testing fine on my local PC running under my user credentials. All is working fine and dandy.
I go to publish it to my live server and remember that I have to set the security of the directory to be other than the IUSR account in order to access my database. No problemo. I just fire up IIS and hop over to the directory tab.
I hop back over to my browser and I get this lovely message:
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
I recheck my username and password and sure enough they are valid. I check the directory permissions and they're set properly as well. Then I remember.. the ASP.Net temporary file location (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files) and sure enough that's set right too. So I check the IIS log file and it's as helpful as the error message.
So. Off to Google. First article mentions separating the Application Pool for separate user accounts. Seems unlikely, but I give it a whirl. Create a new App Pool. Set the Security, recycle IIS jsut for good measure and ... still the same error message.
It's getting to be quitting time.. so ... off to sleep on it.
I get back to work and check other ASP.Net apps that use security and they're all set in the Default App Pool (Which I really need to separate when I have some free time) and the security is set how I'd expect it.
I then notice something peculiar about the account that i'm using. It's a wee bit long. See, we used to use a common domain account for all our ASP.Net apps (ASPNet) but someone typed it in wrong once and it got disabled and all my apps failed. So, a year or so ago, I started creating new accounts for each ASP.Net application (ASPNetCalendar, ASPNetAgenda ... ). This account was named ASPNetContractorServiceRequest. Now, when I was creating the account I got some goofy error message about the name being too long, but I just ignored it figuring it was some old legacy error message. Turns out that the error message WAS important. When I created the account it actually truncated the name so 20 characters (ASPNetContractorServ) So, I changed the username and poof everything worked.