19

I have an MVC4 web application deployed on a Windows 2012 R2 server with IIS 8.5. I configured the Application Pool to run with a custom domain account because the web application needs to call another webservice on the network with Windows authentication enabled.

When i try to reach the page from my browser, i get many "error 500" for my .css, .js files. When i try to browse directly to one of these files, i get an "HTTP Error 500.0 - Internal Server Error" page displayed instead of the content of the script or css. I tried with a simple .txt file, and i get the same error.

Detailed Error Information:

  • Module : IIS Web Core
  • Notification : AuthenticateRequest
  • Handler : StaticFile
  • Error Code : 0x80070542
  • Requested URL : http://{hostname}:8082/test.txt
  • Physical Path : C:\inetpub\wwwroot\aaa\test.txt
  • Logon Method : Negotiate
  • Logon User : {DomainName}\{MyUserLogin}

On the server i gave full NTFS permissions to "Everyone" for the entire C:\inetpub\wwwroot\aaa folder and child folders.

I made the account running the Application Pool part of the local "Administrators" group. It does not change anything, i still get the same error message.

However, if i open the web page directly from the server with localhost, everything works fine.

So i am running out of ideas here. Any suggestions ?

Thanks !

Yann
  • 425
  • 1
  • 5
  • 16
  • As a test, do things work if you use `LocalSystem` for you app pool identity? If not, it sounds like a configuration problem. Maybe you don't have all the features and roles installed on the server. – Rick S Jun 03 '14 at 21:13
  • Thanks for the suggestion. But this would not work because at a later point the web app needs to call another webservice and LocalSystem would not have sufficient priviledges to access it. – Yann Jun 03 '14 at 21:20
  • 1
    But i found something, if i change the application pool "managed pipeline mode" from "Integrated" to "Classic" everything works. Trying to understand the diffence between the 2 with this : http://stackoverflow.com/questions/716049/what-is-the-difference-between-classic-and-integrated-pipeline-mode-in-iis7 – Yann Jun 03 '14 at 21:22

3 Answers3

36

I found the answer to my issue (identical but with Logon Method: Anonymous instead) over here: Unauthorized access error to html pages in IIS 7.0

Essentially: "After some struggles I found out that in IIS manager->My Site->Authentication->Anonymous Authentication->Edit the identity used for anonymous authentication was set to a specific user by default (IUSR). Setting it to use the application pool identity fixed it for me"

enter image description here

Jeremy Thompson
  • 61,933
  • 36
  • 195
  • 321
Dalek Control
  • 587
  • 5
  • 7
  • This worked for me on IIS 10/Windows Server 2019 when running the app pool as a domain service account. I was getting a 500 server error just requesting a static CSS file. – Greg Burghardt Mar 15 '22 at 14:55
  • Another IIS 10 / 2019 stack here, this worked! Finally can carry on work after being stuck for a couple of days. No idea why the default setting differs from other servers on the environment. – Fabo.sk Mar 27 '23 at 13:29
1

this works for me as well in IIS 10. thank you!

btw, I also found the other solution from https://serverfault.com/questions/50160/500-error-when-using-custom-account-for-application-pool-in-iis-7 "Worked for me thanks! But in addition here is how to do it step by step for dummies like me: Start > Local > Security Policy > Local Policies > User rights Assignment > Impersonate a client after authentication > Add User or Group... > Select IIS_IUSRS – Wowe" I couldn't try this alternative due to no permission

Huky
  • 11
  • 1
0

In my case, I had the App Pool identity set for Anonymous auth. I disabled and re-enabled Anonymous Auth and all worked.. First time ever (>10yrs) this happened to me! Thanks 1 hour of time killed.

Vinnie Amir
  • 557
  • 5
  • 10