Can someone explain what causes this to happen? I am logged into a web server with UserA. UserA has full access to a directory where files are hosted in IIS. When I browse an .asmx file in the directory UserA has full access to using IIS, I get a password prompt. I input my credentials in, and no matter how many times I try, I get a 401.1 access denied. The only type of authentication being used on this site is Windows authentication.
I just fail to understand why a user with full access to the files is denied access to them by IIS. Can someone please explain what is happening here?
This is IIS 7.5. Windows Server 2008
Related
I’m currently developing a web site that uses windows authentication, with ApplicationPoolIdentity configured with Identity=Application Pool. I can connect by login with my administrator user when asked by the browser and it works perfect, but if any other user tries to access, the browser asks for the credentials 3 times and then it throws a 401 Error.
Test scenarios:
If the server is configured with Anonymous Authentication ON, everybody is able to open the page.
If I try to set the application pool Identity to a regular user account, IIS doesn’t recognize the user/password provided.
The folder C:\inetpub\ was set with full control to Everyone, but the users can’t connect anyway.
The folder C:\inetpub\ was set with full control to a specific user, but the user can’t connect anyway.
Following a recommendation from another post, the following section was added to the web.config :
<authorization>
<allow users="*"/>
</authorization>
The windows logs in the Event Viewer don’t store anything about a failed login.
thanks for your comments
Update
i enabled and add Failed Request Tracing Rules to web site
it was result
ModuleName :IIS Web Core
Notification : AUTHENTICATE_REQUEST
HttpStatus : 401
HttpReason : Unauthorized
ErrorCode : Access is denied (0x80070005)
i searched this error but the post tell me, maybe permissions, but i set everyone as full control and it doesn't working
i having a problem when i tried to use a domain user as a specified user name in basic settings-> connect as. I want to access a shared folder that located in another server.
The web server always says if the username or password isn't correct and always throw 500.19 error when I started to browse the application.
Error Capture
However when I explore the app from IIS, it can be opened. I even tried a remote login to the server using the same username and password and it's just fine.
Image 2
The server I am using for running the web server is a Workgroup computer and in a DMZ. Is that a reason why IIS can't authecticate domain user?
Sorry for my terrible english here, because i'm in panic situation right now. I hope you can understand what i'm asking about and hope somebody has an answer. Thanks
You're right, if your computer is not joined to the Active Directory domain, you won't be able to authenticate using a Domain account.
Should the site be publicly accessible? If so, you would want to set your authentication to Anonymous and then configure the authentication settings to authenticate either as a built in user (NETWORK SERVICE, AppPoolIdentity) or a local machine user created specifically for the application.
Click the Connect button to download the RDP file for a VM in Azure Portal results in...
Server Error in '/' Application.
Access is denied.
Description: An error occurred while accessing the resources required
to serve this request. This may have been caused by an incorrect user
name and/or password.
Error message 401.1: Logon credentials were not recognized. Make sure
you are providing the correct user name and password. Otherwise,
contact the Web server's administrator for help.
Tracing this I think I understand why as I see no creds are passed in any header.
The Request is a POST to
https://portal.azure.com/api/FileDownload?filename=<myVMfilename>.rdp&mimeType=application%2Frdp&dataType=text
This is on a Mac using Safari.
It seems Safari can't download Azure VM RDP file, please try to use other browser to download the RDP file, ex. Chrome.
I have a web application that is trying to access images from a shared folder on a different server.
In my web app, I created a new virtual directory. The alias is QCPhotos and the path is \alta\QCPhotos. Alta is a different server than my web server, which is Brighton.
I am getting the error:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
In trying to debug, on the Alta server, I have given the Everyone user full access to this folder. I also gave {domain}\Brighton$ full access to the folder.
I turned on Directory Browsing, and that seems to work fine. I can list the contents of the folder, but as soon as I click on a jpg image, this error comes up.
Well, I'm still not sure why it wasn't letting me access, but I created a domain user acct named QCPhotos. I gave that user read permissions on the folder, and then set the virtual directory to use this user in IIS. This fixed my problem.
When I setup IIS6 to develop projects locally I have to enable "Integrated Windows Authentication" under directory security in order for my CSS & Images to show up. (Note: I have double checked that network service has rights to all directories in my web application)
However this often causes my browser to prompt me for windows login username and password when I am running the application.
Is there anyway to get around entering a windows login password all the time ?
(I am using windows xp pro 64bit)
Maybe it is some problem with the kerberos authentication to your web site. Just disable it on your site. from the c:\Inetpub\AdminScripts directory run this command.
cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"
Or change the authentication to anonymous. And make sure that the user in the directory security tab (IUSR_computername) has access to said directories. It is not the application pool user who access files and other resources.
Well it certainly is not as it's supposed to be!
You say you've double checked that Network Service has access to the directories. But with anonymous access, the account that needs access is the IUSR_[machinename] account. The account is specified under the Directory Security tab.
If all else fails, for local development you might as well grant everyone access to the directories.