IIS - 401 3 - Unauthorized

Question

I am trying to get started with using IIS  I created a new site on IIS Manager  mapped it to a folder on my file system and added index html to the folder  I have set the port to 85 for this site  When I try to access http   localhost 85 index html  I get the following error message      401 3 - unathorized - You do not have permission to view this directory or page because of the access control list  ACL    configuration or encryption settings for this resource on the Web   server    I gave read access to everybody on the folder and tried again  I could then access the page   I then compared the properties of my folder with that of wwwroot  I found that wwwroot had read access on IIS IUSRS   When I did the same on my folder and tried again  I got the above error again  I checkedthat anonymous access is enabled by default  but I still get this error   Why does this happen  What is the correct way to resolve the problem

User · Answer

Another problem that may arise relating to receiving an unauthorized is related to the providers used in the authentication setting from IIS. In My case I was experience that problem If I set the Windows Authentication provider as "Negotiate". After I selected "NTLM" option the access was granted.

More Information on Authentication providers

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/providers/

User · Answer

Try this solution   https   serverfault com questions 38222 iis-7-5-windows-7-http-error-401-3-unauthorized  Also check if the user running the IIS AppPool has read access to that folder file   Have a look at this   http   www iis net learn manage configuring-security application-pool-identities  Also have a look at this   http   www iis net learn get-started planning-for-security understanding-built-in-user-and-group-accounts-in-iis

User · Answer

Please enable the following items in Windows 2012 R2

User · Answer

I have struggled on this same issue for several days  It can be solved by modifying the security user access properties of the file system folder on which your site is mapped  But IIS IUSRS is not the only account you must authorize    In IIS management console  in the Authentication part of the configuration of your site  modify the  Anonymous authentication  line and check the account set as  Specific user   mine is IUSR   Give read and execution permission on the folder of your site to the account listed as the specific user    OR   In IIS management console  in the Authentication part of the configuration of your site  modify the  Anonymous authentication  line by selecting  Identity of the application pool  instead of  Specific user

User · Answer

TL DR  In most cases  granting access to the following account s   one both  will be enough   IIS AppPool DefaultAppPool IUSR  with Access Rights   Read  amp  Execute List folder contents Read  That s it  Read on for a more detailed explanation      Open IIS and select your application  On the right side click on Authentication  Select  quot Anonymous authentication quot  here  The following dialog pops up    Grant access to the web application folder s ACL depending what is selected in the pic above   Specific user  grant access for both IUSR  in my case    IIS AppPool DefaultAppPool Application pool identity  grant access for IIS AppPool DefaultAppPool only  IIS AppPool DefaultAppPool account is the default AppPool account for new IIS web applications  if you have set a custom account  use the custom one   Give the following permissions to the account s    Read  amp  Execute List folder contents Read

User · Answer

Just in case anyone else runs into this  I troubleshooted all of these steps and it turns out because I unzipped some files from a MAC  Microsoft automatically without any notification Encrypted the files  After hours of trying to set folder permissions I went in and saw the file names were green which means the files were encrypted and IIS will throw the same error even if folder permissions are correct

User · Answer

If you are working with Application Pool authentication  instead of IUSR   which you should  then this list of checks by Jean Sun is the very best I could find to deal with 401 errors in IIS     Open IIS Manager  navigate to your website or application folder where the site is deployed to    Open Advanced Settings  it s on the right hand Actions pane   Note down the Application Pool name then close this window Double click on the Authentication icon to open the authentication settings Disable Windows Authentication Right click on Anonymous Authentication and click Edit Choose the Application pool identity radio button the click OK Select the Application Pools node from IIS manager tree on left and select the Application Pool name you noted down in step 3 Right click and select Advanced Settings Expand the Process Model settings and choose ApplicationPoolIdentityfrom the  Built-in account  drop down list then click OK  Click OK again to save and dismiss the Application Pool advanced settings page Open an Administrator command line  right click on the CMD icon and select  Run As Administrator   It ll be somewhere on your start menu  probably under Accessories  Run the following command   icacls  lt path to site gt   grant  IIS APPPOOL  lt app pool name gt   CI  OI  M    For example   icacls C  inetpub wwwroot mysite   grant  IIS APPPOOL DEFAULTAPPPOOL   CI  OI  M       Especially steps 5   amp  6  are often overlooked and rarely mentioned on the web

User · Answer

Since you re dealing with static content     On the folder that acts as the root of your website- if you right click   properties   security  does  Users  show up in the list  if not click  Add     and type it in  be sure to click  Apply  when you re done

User · Answer

Create a new Site  Right Click on Sites folder then click add Site Enter the site name  Select physical path Select Ip Address Change Port Click OK Go to Application Pools Select the site pool Right-click the click Advance Settings Change the  Net CLR Version to  quot No Manage Code quot  Change the Identity to  quot ApplicationPoolIdentity quot  Go to Site home page then click  quot Authentication quot  Right-click to AnonymousAuthentication then click  quot Edit quot  Select Application Pool Identity Click ok boom   for routes add a web config  lt configuration gt       lt system webServer gt           lt rewrite gt               lt rules gt                   lt rule name  quot React Routes quot  stopProcessing  quot true quot  gt                       lt match url  quot    quot    gt                       lt conditions logicalGrouping  quot MatchAll quot  gt                           lt add input  quot  REQUEST FILENAME  quot  matchType  quot IsFile quot  negate  quot true quot    gt                           lt add input  quot  REQUEST FILENAME  quot  matchType  quot IsDirectory quot  negate  quot true quot    gt                           lt add input  quot  REQUEST URI  quot  pattern  quot    api  quot  negate  quot true quot    gt                       lt  conditions gt                       lt action type  quot Rewrite quot  url  quot   quot    gt                   lt  rule gt               lt  rules gt           lt  rewrite gt       lt  system webServer gt   lt  configuration gt

User · Answer

Here is what worked for me    Set the app pool identity to an account that can be assigned permissions to a folder  Ensure the source directory and all related files have been granted read rights to the files to the account assigned to the app pool identity property In IIS  at the server root node  set anonymous user to inherit from app pool identity   This was the part I struggled with    To set the server anonymous to inherit from the app pool identity do the following     Open IIS Manager  inetmgr  In the left-hand pane select the root node  server host name  In the middle pane open the  Authentication  applet Highlight  Anonymous Authentication  In the right-hand pane select  Edit      a dialog box should open  select  Application pool identity

[iis] IIS - 401.3 - Unauthorized

Examples related to iis

Examples related to iis-7