In IIS, several built-in Windows accounts are created automatically during installation. These include IUSR_MachineName, IWAM_MachineName, and ASPNET, each of which has specific privileges. Web applications will often require that the IUSR account have rights to connect to SQL Server Express.

Here’s how to give this account permissions in the SQL Server database, when the database is located on the same box as the application.


  1. Open  SQL Server Management Studio.

  2. Right click the folder “Users” in the path
    Databases > Database Name > Security

    2010-08-18_18.27.18.jpg


  3. Select New User. . . from the popup menu.

    2010-08-18_18.27.35.jpg


  4. The Database User window will open. Select Login name, and click the button to the right of the Login name text box.

    2010-08-18_18.28.10.jpg


  5. The Select Login window will open, defaulted to the “Logins” object type. Click the Browse button to choose from existing local accounts.

    2010-08-18_18.28.30.jpg


  6. Select [MachineNameIUSR_MachineName] from the list of available accounts and click OK.


    2010-08-18_18.29.25.jpg


  7. The selected name will show up in the object names window. Click OK.


    2010-08-18_18.29.46.jpg


  8. You will be returned to the Database User window. The selected name will show up in the Login Name window. Copy and past the same name into the User Name box just above it.

    2010-08-18_18.30.14.jpg


  9. Assign whichever schemas and roles are needed by the application. The one shown here, db_owner, is just for example and is too high for most applications. A more typical choice might be db_data reader and db_datawriter.

    2010-08-18_18.30.57.jpg


For more information and instructions on separate server scenarios, consult
Configuring an ASP.NET 2.0 Application to Work with Microsoft SQL Server 2000 or SQL Server 2005