Authentication And Identity Flow When ASP Page Consumes ASP.NET Web Service

"Classic" ASP has application isolation that is different from ASP.NET. Here is one of the real world scenarios where it might matter.

There is a legacy web application written in ASP and hosted on Win2K3 box (IIS 6.0). It is of course in the process of migration to ASP.NET. As part of the migration process there were several ASP.NET web services factored out of the classic ASP app. These web services are hosted on another Win2K3 box and require windows authentication. Classic ASP must consume these web services while satisfying the requirement of windows authentication. ASP page consumes the web service via .Net COM interop invoking .Net component:

The question here is what is this account that ASP page authenticates to ASP.NET web service on another machine?

It is common mistake assuming that the account is the application pool's one. ASP does not run in the context of the application pool. In case of anonymous access It runs in the context of what defined for anonymous user:

Said that, in order to let ASP page authenticate to ASP.NET web service based on windows authentication one needs to define domain account in above property page for virtual directory where ASP resides. This is the account that will hit the ASP.NET web service.