140

I have setup a application in my IIS7 that uses .NET Framework 4.0 (runned by NetworkService) but when browsing the site I get this:

Access is denied.
Description: An error occurred while accessing the resources required to serve this request. You might not have permission to view the requested resources.
Error message 401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists). Ask the Web server's administrator to give you access to*

I have tried to give NetworkService full permission on the folder that holds the website (the one that the web application in IIS is pointing against) but I do still get the access denied?

Why?

Alessio Cantarella
  • 5,077
  • 3
  • 27
  • 34
Banshee
  • 15,376
  • 38
  • 128
  • 219
  • Could you please have a look at my answer on [ASP MVC in IIS 7 results in: HTTP Error 403.14 - Forbidden](http://stackoverflow.com/questions/1741439/asp-mvc-in-iis-7-results-in-http-error-403-14-forbidden/41363973#41363973). – Murat Yıldız Dec 28 '16 at 14:25

19 Answers19

306

I gave access to "IIS_IUser" but instead it should be "IUSR". That solved the problem.

reaper_unique
  • 2,916
  • 3
  • 28
  • 48
Banshee
  • 15,376
  • 38
  • 128
  • 219
  • This was my problem as well. It's funny how many different users there are. You also have IIS_IUSR (or is that what you meant with IIS_IUser?) and you can also add the application pool. – reaper_unique Jan 04 '13 at 23:20
  • 2
    This must be pinned to the front page where they distribute that IIS! – c00000fd Aug 03 '13 at 02:52
  • 40
    Site > Authentication > Anonymous Authentication > Edit > Specific user – Jonas Sep 30 '13 at 09:48
  • Excellent solution to my problem was almost pulling my hair out! Agree with @c00000fd should be pinned on all IIS support sites! – stephen ebichondo Jan 29 '15 at 22:33
  • 4
    worked like a charm! Added permissions to IUSR thought windows explorer folder properties, security tab. – Filipe Borges Mar 25 '15 at 14:32
  • Another thing to check when experiencing this problem: I created a test website on the desktop and added a virtual application in IIS and experienced this issue. I could not get IIS permissions to work. By moving the website to `%/inetpub/wwwroot` it worked. – Clarice Bouwer May 29 '15 at 15:34
  • I too have IIS_IUser and it has full control, still doesn't work. – Veda Dec 05 '15 at 23:20
  • 3
    I granted access to both IIS_IUser and IUSR , full control and it worked. – Ronald Nsabiyera May 30 '16 at 15:08
  • I was using a virtual directory, and also had to give read permission to IUSR for the project folder of the application. This is the folder containing the Web.config file. Right Click on the folder -> Properties -> Security -> Edit -> Add -> then add computerName\IUSR. – mogelbuster Jul 06 '18 at 11:20
  • I left both and this fixed it for me. – Sigex Aug 01 '18 at 10:23
  • I had to give both IIS_IUser and IUSR both read access on Windows 8.1 and IIS 6. – user752746 Oct 10 '18 at 06:10
  • Tip: If you still get the permission errors after this then you may need to do an iisreset in the cmd as Admin after doing this to get your site running in IIS. – Cory Koch Dec 20 '18 at 15:04
  • I has IIS_IUSRS but apparently what solved my issue was I needed IUSR – Vasily Hall Oct 17 '19 at 00:19
  • ok then it worked, anybody knows what couldv caused this problem. in my case i was doing some FTP access control – SoliQuiD Jul 16 '20 at 08:43
189

For me, nothing worked except the following, which solved the problem: open IIS, select the site, open Authentication (in the IIS section), right click Anonymous Authentication and select Edit, select Application Pool Identity.

Graham Laight
  • 4,700
  • 3
  • 29
  • 28
  • 2
    Nice. Worked for me on Win Server 2012 IIS 8, for ASP Classic Website. – Ben_Coding Aug 07 '14 at 21:50
  • this helped.. but you have to reset whole server for settings to apply.. tried to reset page by page and it didn't work. – sensei Mar 16 '15 at 13:03
  • Had to do this for a new application within an existing Web Site targeting a different .NET runtime that was giving me a 401 at the document root of the application (accessing *.aspx pages directly worked, whereas the document root wasn't). – Matt Borja Dec 11 '15 at 16:57
  • Thanks. Worked at first try. – GutierrezDev May 05 '16 at 17:44
  • Works perfect if your AppPool runs as NETWORK SERVICE – Serge V. Mar 10 '20 at 20:12
  • 3
    You answered a question in 2013, it is working in August 2020! Thanks – Sharif Yazdian Aug 03 '20 at 18:29
  • This method works for me, and alternatively, disable Anonymous Authentication, enable Windows Authentication and add IIS_IUSRS into the permission also have the same result. – Json Feb 28 '23 at 16:14
14

I had the same problem, I enabled "Anonymous Authentication" but it still did not work. So I also ENABLED "Forms Authentication" Then it worked without any problems.

Enkosi X
  • 403
  • 4
  • 11
5

OS : Windows 7 & IIS 7

If you still have permission denied after adding IUSR & NETWORK SERVICE. Add also IIS_WPG. The addition of this last user solved my problem.

For people who can't find those users: when you're trying to add a user in security of the folder (properties of the folder), click on "Advanced" of the window "Select Users or Groups". Change the location to the computer name then click on "Find Now". You'll find those users in the list below.

Volkan
  • 686
  • 1
  • 9
  • 17
5

If you're using Anonymous Authentication, IIS 7 will use the "IUSR" account for directory access (unless you've set it to use the app pool identity. If you haven't granted IUSR sufficient permissions on your site's folders and files, you'll get this error

ssis_ssiSucks
  • 1,476
  • 1
  • 12
  • 11
4

For me in windows 7 it started to work only after I gave 'Read & execute', 'List folder contents', 'Read' permissions to site folder for both users

  • IUSR
  • NETWORK SERVICE

IUSR permissions NETWORK SERVICE permissions

Vitalii
  • 10,091
  • 18
  • 83
  • 151
4

Tried most of the solutions here, but no luck. What worked for me was adding "Everyone" to the security permissions. Properties -> Security -> Edit -> Add -> Everyone. The given defaults were enough for me to regain access.

In the near future, I should probably figure out what credentials are being sent to the server so that I can give proper permissions. But I hope it helps someone!

midoriha_senpai
  • 177
  • 1
  • 16
2

In the Authentication settings for APP itself (IN IIS), see if you have anonymous enabled.

Matt
  • 25,943
  • 66
  • 198
  • 303
2

We need to create a new user ComputerName\IUSR by going to the website folder-->Properties--->Security--->Edit-->Add and give read access. This would work definitely.

This solution is for IIS7

Raj Pandey
  • 21
  • 2
2

I went round and round on this and it turned out to be improperly set default page. Hope this helps someone else avoid an hour of wasted time.

Duane Boudreau
  • 130
  • 10
2

After some thinking and a lot of of trial and error I found out that this error occurred because part of my web.config was encrypted and for some reason the key was no longer valid.

Re-encrypting the config section solved the issue.

marsze
  • 15,079
  • 5
  • 45
  • 61
2

In my case running c:\windows\Microsoft.Net\Framework64\v4.0.30319\aspnet_regiis.exe /i resolved the 403 access denied issue.

Andreas Schneider
  • 481
  • 3
  • 5
  • You're the real MVP! Thank you very much! Just saved me some more headaches with this error! – Xhens Sep 20 '18 at 20:02
2

Checking the Application Pool Identity in Anonymous Authentication and enabling Forms Authentication would solve problem for access denied error.

ADARSH BIDARI
  • 29
  • 4
1

After watching this tutorial :

https://www.youtube.com/watch?v=RbrZbHpXBTE&list=PLp1Emx1rT4z9YWLDXBjUwBb130qv2Zq2x&index=4&ab_channel=LearningProgrammingTutorial

I had the same problem using RDP ( windows server 2016 Datacenter ) i followed the tutorial above & enbaled my directory browsing options from the IIS internet infromation services manager.

error screenshot

what you want to do is to access your IIS manager , you can check out the tutorial above to learn how to access IIS manager if you have trouble acessing there , it was useful for me that's why I'm sharing then ... go to :

go to authentication

you should gave access to IUSER

you should gave access to IUSER ( or application tool identity , depends or what you want to work with ) and your problem would be solved! :)

Also you need to check your firewall and TCP settings , if ping between two machines didn't work for you , you can check this out : https://operavps.com/rdp-connection-issues/

iifast2
  • 303
  • 1
  • 3
  • 9
0

It was due to WWWRoot directory security issue.

Simple solution is, Just copy applicatio folder to some other drive, Instead of "C:\Inetpub\wwwroot" and then create a virtual directory for this new path. That's it.

Madhu S Reddy
  • 11
0

This is what happened to me:

Get - Post is ok. Working well.

When I try to use Options verb, the server return error like that.

403

Then, beware with urlScan

I add OPTIONS verb to urlscan configuration .ini file, then everything works well.

To check if urlscan is installed or not, open your iis manager, and open ISAPI FILTERS url scan should appear at the list.

toha
  • 5,095
  • 4
  • 40
  • 52
0

If the IUSR user is already specified in Authentication and you're still getting this issue, it could be that your Directory Listing isn't enabled. Be sure to check that. That was the case for me.

visokoo
  • 83
  • 1
  • 4
0

I was also facing the same issue, Everything was normal all the rights were given to the user and for folder as well. After many research i found that the wwwroot (Source code folder) was shared with some other user. I stopped sharing and it worked like a charm.

Pradyumn Agrawal
  • 1
0

I was facing this issue after pulling from remote master and adding to the appsettings on web.config. I solved it by enabling Windows Authentication:

Click on the project and press f4

Make sure Windows Auth is enabled:

enter image description here

Haukland
  • 677
  • 8
  • 25