I'm trying to figure out how a user is able to access our database via webpage but isn't in any group, that I know of, that has access to the group.

I'm not familiar with security for either of these, SQL Server and ASP.Net.

INFO:
For the webpage, which is built with ASP.Net, we use the following connection string: Data Source=[ServerName];Initial Catalog=[DatabaseName];Integrated Security=True

We have a user in the SQL Database 2005 for NT AUTHORITY\NETWORK SERVICE.

Where would I check in IIS 6 on a Windows 2003 R2 box for permission to access the website?


If more information is needed, please ask.