No, it's the app pool service account on which our asp.net application runs, not the sql server.

This service account has access to the DB's and our asp.net authentication is set to anonymous.

I think this is how it works: when a user browses an app, and the request comes to the server and if auth type is anonymous then the app pool's identity(set as service account in my case) is used for further processing.