Windows 或集成身份验证意味着使用 Windows 凭据(或令牌)识别用户，但并不意味着该请求正在该用户下运行.ASP.NET 运行时将在工作进程(应用程序池)身份下执行请求，除非您将其配置为模拟其他身份.

Windows or Integrated authentication means that user is identified using windows credentials (or token) but it does not means that the request in running under that user. ASP.NET run-time will execute the request under worker process (App Pool) identity unless you configure it to impersonate some other identity.

因此，当您使用开发服务器访问站点时，服务器以您的身份运行，因此对 s-s-rS 和 Sql Server 的访问是在您的身份下完成的，并且可以正常工作.

So when you are accessing the site using development server, the server is running under your identity and so access to s-s-rS and Sql Server is done under your identity and it works.

当您在 IIS 下加载站点时，ASP.NET 请求将在为应用程序池配置的任何身份下运行.通常，此身份是本地用户，因此将拒绝访问 s-s-rS 或 Sql Server 等网络资源.添加 <identity impersonate="true" username="your name" ../>，ASP.NET 将以您的身份运行请求，这应该适用于 s-s-rS 和 Sql Server.

When you loaded your site under IIS, ASP.NET request would be run under whatever identity is configured for the application pool. Typically this identity is local user and hence access to network resources such as s-s-rS or Sql Server would be denied. Adding <identity impersonate="true" username="your name" ../>, ASP.NET will run requests under your identity and that should work for both s-s-rS and Sql Server.

这里奇怪的情况是 <identity impersonate="true"/> - 在此设置下，ASP.NET 将模拟当前经过身份验证的 Windows 身份.但是，为了使其正常工作，您必须在集成身份验证上配置 IIS 和 ASP.NET 并拒绝匿名访问(在 ASP.NET 和 IIS 中).如果不这样做可能会导致无法验证当前用户的身份，并且请求将在匿名用户的身份下运行(如 IIS 中的配置).如果您在 IIS 中而不是在 ASP.NET 中标记了集成身份验证，那么身份将不会传递给 ASP.NET 请求.您需要检查您的环境以了解您遇到的确切情况，但最终结果是您的 ASP.NET 请求在可以访问 SQL Server 但不能访问 s-s-rS 的凭据下运行.

The curious case here is <identity impersonate="true" /> - under this setting, ASP.NET will impersonate currently authenticated windows identity. However, for this to work correctly, you have configure both IIS and ASP.NET on integrated authentication and deny anonymous access (in ASP.NET as well as IIS). Failing to do so may result in not authenticating current user's identity and the request would be run under anonymous user's identity (as configured in IIS). If you marked integrated authentication in IIS but not in ASP.NET then identity would not be passed to the ASP.NET request. You need to check your environment to see what exact scenario you had faced but ultimate result was your ASP.NET request was running under credential that has access to SQL Server but not to s-s-rS.