This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 3%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
On the client’s network, the application server and database server are hosted on distinct machines (different servers). When accessing the database via an API developed using .NET Core 8, we encounter the following error:
Login failed for user 'Domainname\AppserverName'."
Here, ‘AppserverName’ represents the actual computer name of the application server. Additionally, to access the database, a connection string is created within the API layer.
We would like clarification on the following two points:
Q: Why is this user required for authentication?
Q: What steps can we take to resolve this issue in such a scenario?
It may also be noted that our applications (on ASP .Net 4.6.2) are working and connecting on this environment; however, the .Net Core 8 application is facing above issues.
Your post is missing information. If I had to guess, the intention is to use Integrated Security to allow the Web API application to connect to a SQL database. A common solution is configuring the Web API application to run under a Windows service account. This is done by first creating the service account. In IIS set the application pool Identity to the service account. In SQL Server add a new Windows User login which and use the name of the service account. Assign whatever SQL access roles are needed for the service account to function as expected. Finally update Web API's connection string to use integrated security.
It is possible to use the default application pool identity or one of the built in service accounts but it usually preferred to create a service account so the application has access to only resources the application needs to function properly.
Scenario 1: When this type of user is not explicitly added to the SQL Server Security section for Windows Authentication, the above error is encountered.
Correct. There must be a login for the account in SQL Server otherwise the account cannot login. If there's no login access then roles cannot be assigned.
Scenario 2: If this type of user is added in the SQL Server Security section but has a different functional username configured within SQL, the error persists.
The username in SQL must match the application pool identity.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
the error means the application is trying to connect to sqlserver using a trusted connection. for trusted connections the app pool account is used. but your app poo is using a local account, not a domain account. change the app pool account to a domain user that has access to the sqlserver.
note: you might check the app pool account for your working applications. also check their connect string to see if they used trusted or sql standard security.