401 Unauthorized: Access is denied due to invalid credentials

Question

I am using IIS Express to deploy MVC4 application. This website runs perfectly on same computer. But in Lan it gives me error 401.

<authentication mode="Forms">
    <forms loginUrl="~/" slidingExpiration="true" timeout="20">
    </forms>
</authentication>

In home controller

[HttpPost]
[AllowAnonymous]        
public ActionResult Index(LoginModel model, string returnUrl)
{
}

I am starting IIS server from command prompt in Administrator mode. IIS responds to the request with error 401.

Any clue?

Answer 1

I realize this is an older post but I had the same error on IIS 8.5. Hopefully this can help another experiencing the same issue (I didn't see my issue outlined in other questions with a similar title).

Everything seemed set up correctly with the Application Pool Identity, but I continued to receive the error. After much digging, there is a setting for the anonymous user to use the credentials of the application pool identity or a specific user. For whatever reason, mine was defaulted to a specific user. Altering the setting to the App Pool Identity fixed the issue for me.

1. IIS Manager → Sites → Website
2. Double click "Authentication"
3. Select Anonymous Authentication
4. From the Actions panel, select Edit
5. Select Application pool Identity and click ok

Hopefully this saves someone else some time!

Answer 2

If you're using IIS 7 do something like this:

1. Select your site.
2. Click on error pages.
3. Edit feature settings.
4. Select detailed errors.

Answer 3

Make sure that you enabled anonymous authentication on iis like this:

Answer 4

In case anyone is still looking for this, this solved the problem for us:

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1. Open IIS and select the website that is causing the 401
2. Open the "Authentication" property under the "IIS" header
3. Click the "Windows Authentication" item and click "Providers"
4. For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Here is the link where this was found.

Answer 5

I had this issue on IIS 10. This is how I fixed it.

1. Open IIS
2. Select The Site
3. Open Authentication
4. Edit Anonymous Authentication
5. Select Application Pool Identity

Answer 6

I realize its an old question, but this came up in my searches. Had a similar issue for an MVC application recently built, deployed for the first time, and Authentication mechanism wasn't completely hashed out.

It wasn't an IIS setting in my case, it was a Controller that was not [AllowAnonymous] decorated. I was using a Render.Action/Html.Action in a Layout.cshtml and the User was unauthenticated. So the Layout tried to load an Authenticated Action in an UnAuthenticated context.

Once I updated the action to AllowAnonymous, the problem went away, and this is what led me to it.

Hope this helps someone.

Answer 7

I faced this error when I created an empty project with the MVC folders and then deployed the application to the server. My issue was that I didn't define the authentication in Web.config, so all I had to do was add this line to a system.web tag.

<system.web>
    <authentication mode="None"/>
</system.web>

Answer 8

I faced similar issue.

The folder was shared and Authenticated Users permission was provided, which solved my issue.

Answer 9

i faced the same issue under IIS 8.5. A working solution for me was changing the IIS to display detailled errors. See answer from sna2stha. But i think it is not a good idea to forward detailed error messages to browsers in production enviroments. I added/changed the existingResponse attribute in the httpErrors-Section, so the IIS not handled any extisting Asp.net Response:

<system.webServer>
   <httpErrors existingResponse="PassThrough" />
</system.webServer>

This works for me.

Answer 10

I had a similar issue today. For some reason, my GET request was fine, but PUT request was failing for my WCF WebHttp Service

Adding the following to the Web.config solved the issue

 <system.web>
  <authentication mode="Forms" />
 </system.web>

Answer 11

Right click on the main directory where the project files are located.

Properties-> Security-> Edit-> Add-> type IIS_IUSRS and click on "Check Names" button.

The result will look like ComputerUsername\IIS_IUSRS

For example: DESKTOP-M0R6PVF\IIS_IUSRS

and then click on "Ok" button.

Answer 12

In my case, what made it work was changing the Anonymous User identity from Specific user (IUSR) to Application Pool Identity. Weird enought because other sites are using the specific user IUSR and work fine.

Answer 13

As so many answers have demonstrated, the error might be caused by a variety of reasons. In my case it was connected to authorization rules: they were added much later after the application was deployed. This feature of IIS is turned on as a Windows component (World Wide Web Services->Security->URL Authorization).

This particular section inside web.config was to blame:

<system.webServer>
  <security>
    <authorization>
      <remove users="*" roles="" verbs="" />
      <add accessType="Deny" users="?" />
      <add accessType="Deny" users="user1,user2" />
      <add accessType="Allow" users="*" />
    </authorization>
  </security>
</system.webServer>

Thus the record for users="?" blocked access to a path with anonymous authentication too since it inherited the rules by default. However, in IIS you can go to a particular folder/file that should be accessed anonymously and choose Authorization Rules:

Here it's possible to overwrite the rules locally by removing the old one and optionally adding the allowed rule instead to make it more explicit:

Answer 14

I had a permissions issue to a website and just couldn't get Windows authentication to work. It was a folder permissions rather than ASP.NET configuration issue in the end and once the Everyone user was granted permissions it started working.

Answer 15

I had a slightly different problem. The credential problem was for the underlying user running the application, not the user trying to login. One way to test this is to go to IIS Management -> Sites -> Your Site -> Basic Settings -> Test Settings.

Answer 16

You can press F4 on the web project to get the "Project Properties" window.

Then make sure Anonymous Authentication is Enabled in the "Development Server" section:

Answer 17

In my case,
My application is developed in MVC and my home controller class was decorated with [Authorize] which was causing this issue.
So I've removed it because my application don't require any authentication.