It's more common to set the impersonate attribute in web.config, not in machine.config. This has little bearing on your problem, however it's worth noting.
Have you granted the ASPNET user account permissions in Microsoft SQL Server? How are your users authenticating (via Forms-based authentication or via NTLM using Windows credentials)? Which version of IIS are you using?