Luckily I have found the solution. I'd provided the web config content but I had not given you the code I use to access the connection string from code behind. Here's the code:
string conString = ConfigurationManager.ConnectionStrings[0].ConnectionString;
As I was suspecting Integrated Security attribute being added automatically I was almost sure that some other connection string was retrieved. I tired changing ConnectionStrings[0] to ConnectionStrings["main"] and voila, it worked. So although there's only one connection string in the configuration file, the 0th one is not the one I needed. When I displayed the 0th connection string look what I got:
data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true
I'm sure you guessed where it comes from, from the machine.config file. So to make everything clean and safe I've once more been convinced that accessing by name is most of the time a better idea.