We have a classic ASP application. I'm trying to clone it on the same server, with the same instance of IIS7, so we have a dev version. I copied the files, and duplicated all of the configuration that I can find in IIS manager.

The problem is DB access. The new copy is using the same Application Pool as the old one and the same connection string, but when I create ADODB.Connection and call conn.Open(str) with the same old connection string, that call throws "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.".

That is not the user account the application pool is using, but that seems not to matter.

"Provider=SQLOLEDB;Data Source=OURSVR;Initial Catalog=OURDB;Integrated Security=SSPI;"

So: How do you force Classic ASP to impersonate a user account other than NT AUTHORITY\ANONYMOUS LOGON?

The Anonymous User Identity is what counts. So you have to make that correct. In this case, the application pool has the identity I want the application to use, but this application wasn't actually using it.

In IIS Manager for IIS7, left click on the application in the tree, and click the "Features View" tab at the bottom of the middle pane.

Under "IIS" (I've selected "Area" in the "Group by:" drop-down up top in that pane), find "Authentication" (or "Authentic...", if the listview doesn't have focus).

Double click it. "Anonymous Authentication" should be enabled (it was).

Right click "Anonymous Authentication" and select "Edit..." from the context menu.

Change "Anonymous user identity:" from "Specific user:" ("IUSR") to "Application pool identity" and click OK.

Restart the web server.