1

I've just wrote a legacy app on IIS 6.0 (.NET 1.0, don't even ask why!). One of the requirements is to have "Integrated Windows Authentication" disabled on the Virtual directory. 

http://localhost/test.html

When I disable that, I get a error 401.1 on the IIS root's test.html, which consists of "Hello World"

You are not authorized to view this page You do not have permission to

view this directory or page using the credentials that you supplied.

Please try the following:

•Contact the Web site administrator if you believe you should be able to view this directory or page. •Click the Refresh button to try again with different credentials. HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)

When IWM is enabled, the website works like a gem.

Does anyone know what is the root cause? This doesn't appear to be an issue with my app since even the default test.html fails with authentication

Kyle
  • 915
  • 8
  • 18
  • 34
  • 1
    https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/035dcfd0-9a36-4788-b3b6-91dc6a9d9936.mspx?mfr=true perhaps? – Joachim Isaksson Dec 13 '13 at 16:16
  • Anonymous access was already enabled by default – Kyle Dec 13 '13 at 16:27
  • Could you please have a look at my answer on [ASP MVC in IIS 7 results in: HTTP Error 403.14 - Forbidden](http://stackoverflow.com/questions/1741439/asp-mvc-in-iis-7-results-in-http-error-403-14-forbidden/41363973#41363973). – Murat Yıldız Dec 28 '16 at 14:25

2 Answers2

1

You will most likely need to set the correct folder permissions for the 'Anonymous' user on the folder you are accessing.

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f594e137-e2da-4b22-ab58-f8edba938802.mspx?mfr=true

edit: this is the more relevant link: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9ded7af2-fcb7-4ed2-b007-e19f971f6e13.mspx?mfr=true

Rudi
  • 3,124
  • 26
  • 35
  • IUSR_CATXXXXXX was already added to C:\Inetpub\wwwroot with Read & Execute, List Folder Contents and Read permissions. test.html sits under C:\Inetpub\wwwroot\test.html – Kyle Dec 13 '13 at 16:26
  • Silly question but still: have you verified which user is configured as anonymous? And Anonymous Access is enabled? – Rudi Dec 13 '13 at 16:36
  • yes I have verified the user. It is a member of Guest group and it has the permissions to the root folder Anonymous Access is also checked.. – Kyle Dec 13 '13 at 16:47
1

Issue was resolved with removing Guest and Anonymous restriction from the local security policy

Kyle
  • 915
  • 8
  • 18
  • 34