35

I am getting this errror in my newly created website in Windows 7 and IIS 7.5. I created an SSL certificate and done binding new website.

HTTP Error 401.3 - Unauthorized
You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

Earlier when I created the website, I selected 'application user(pass through authentication)' in 'Add Website' dialogue. and when I click "Test Settings ..." button, I get this error message:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that \$ has Read access to the physical path. Then test these settings again.

Please see attached image

Please suggest solution to this.

Thanks.

Rup
  • 33,765
  • 9
  • 83
  • 112
DotnetSparrow
  • 27,428
  • 62
  • 183
  • 316
  • 2
    Have you checked the directory permissions? If you are using Windows authentication with passthrough you need to ensure that the application pool and the accessing user has permission to the directory. – Tomas McGuinness May 05 '11 at 15:49
  • @ tomasmcguinness How can I check these permissions in IIS 7.5 – DotnetSparrow May 05 '11 at 15:51
  • 1
    Navigate to the document root directory for your site in explorer then check the folder properties, security tab. – Rup May 05 '11 at 15:52

4 Answers4

125

I had the same issue, ensured my DefaultAppPool was running under ApplicationPoolIdentity and the DefaultAppPool had permissions to the folder, but some files still didn't load.

Turns out my problem was that the anonymous authentication user was set to someone else instead of ApplicationPoolIdentity

Screenshot enter image description here

burnt1ce
  • 14,387
  • 33
  • 102
  • 162
Clarence Liu
  • 3,874
  • 2
  • 25
  • 29
  • 3
    If the other answer doesn't work, try this one! Worked for me. – Raul Nohea Goodness Jun 10 '13 at 17:25
  • 2
    I had searched around forever to find this. Thanks! What a weird configuration quirk. Oddly this only happened to me on my Win8.1 dev box, not my 2012 Server IIS install. – pseudosavant Nov 17 '13 at 23:55
  • 2
    This solution fixed issues I had with Win2012 R2 when my site was being hosted off a network share. I kept getting 401.3 Unauthorized errors even though I had set the NTFS/share permissions correctly. Turns out the Anonymous user was running as IUSR instead of AppPoolIdentity. – Bitmapped Dec 10 '13 at 02:40
  • This solution worked for me! This issue occured with .svg, .ttf and .woff file access. Changing the anonymous authentication to Application Pool Identity, fixed it. Thanks a lot! – Steven Apr 19 '14 at 15:33
  • Yep. This is the right answer. If I had any hair left, I would have pulled it out trying to solve this one: what a stupid default configuration. – Quark Soup Aug 18 '15 at 00:46
  • Thank you brother. You are a god! Windows Server 2012 R2 IIS 8.5. – sthames42 Feb 24 '16 at 20:32
  • I had the same issue for .css files. This solution worked for me. – Jyo Reddy Oct 14 '16 at 16:34
  • I was facing the same issue, and googled through a lot many articles. Finally, this one was the lifesaver! – Nirman Dec 22 '17 at 06:24
18

Make sure that application pool of your website and website both are running under the same identity. Then make sure that this identity has required permissions on the virtual directory. I had exact same issue and above two checks fixed it.

Suhas
  • 7,919
  • 5
  • 34
  • 54
2

IIS 7 also creates "IUSR" as default user to access files via IIS. So make sure user IUSR has read access to files/folders.

How to check if IUSR has read Access? Right Click -> Folder -> Properties -> Security Tab See if IUSR is in Group or user names list, If No.

Click Edit -> Add -> Advanced -> Find Now -> Select IUSR and click OK -->click Apply

Vijayasree S
  • 21
  • 1
1

The below worked for me. I did not set up an SSL, just a new website within IIS. Upon doing so I was immediately unable to access the website with this error message.

  1. When I created the new website, a new Application Pool was also created. The Identity of this Application Pool was set to ApplicationPoolIdentity. As mentioned by Suhas, the Application Pool of the website and the website itself must be running under the same identity. (I do not know how to check the identity of the website, but the Application Pool's Identity can be checked by going to Application Pools and looking at the Identity column). The default Application Pool name is DefaultAppPool. enter image description here

  2. I added permissions to the site (right click the site name -> Edit Permissions -> Security -> Edit -> Add), linking the site to the DefaultAppPool object, which in turn gives the site access to the default user and it's settings. (The default user is created when IIS is installed. Read more about this in Microsoft's docs). enter image description here

  3. I thought this would be all that's needed to obtain access, but this is incorrect. The website's Application Pool must also be set to DefaultAppPool. This can be done by right clicking on the site -> Manage Website -> Advanced Settings -> Change the Application Pool value to DefaultAppPool. enter image description here

andrewlundy
  • 1,073
  • 15
  • 22