I have an internal website that is using integrated Windows authentication, and this website uses SQL Server and Active Directory queries via the System.Directory.Services namespace.
To use the System.Directory.Services namespace in ASP.NET I have to run IIS under an account that has the correct privileges and, importantly, have impersonation set to true in the web config. If this is done, then when I make a query against AD the credentials of the worker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed.
Now if I am also using SQL Server with a connection string configured for integrated security ('Integrated Security=SSPI') then this interprets the ASP.NET impersonation to mean that I want to access the database as the Windows credentials of the web request, not the worker process.
I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent?
It should be noted I'm using IIS 5.1 for development and obviously this doesn't have the concept of app-pools, which I believe would resolve the problem.