HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers (for anonymous authentication)

Question

I'm getting this error when I try and access my website:-

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
•   No authentication protocol (including anonymous) is selected in IIS. 
•   Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication. 
•   Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server. 
•   The Web server is not configured for anonymous access and a required authorization header was not received. 
•   The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access. 
Things you can try:
•   Verify the authentication setting for the resource and then try requesting the resource using that authentication method. 
•   Verify that the client browser supports Integrated authentication. 
•   Verify that the request is not going through a proxy when Integrated authentication is used. 
•   Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section. 
•   Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here. 
Detailed Error Information:
Module     UrlAuthorizationModule
Notification       AuthorizeRequest
Handler    ExtensionlessUrlHandler-Integrated-4.0
Error Code     0x80070005

Physical Path      D:\Logs
Logon Method       Anonymous
Logon User     Anonymous

More Information:
This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client. 
View more information »
Microsoft Knowledge Base Articles:
•   907273 
•   253667

I have to use Anonymous authentication only, can anyone help please?

Answer 1

For me, the solution was to go into IIS Manager, select the website, right-click on Authentication, select Open Feature, and then enable Anonymous Authentication.

This SO question has more possible solutions since it seems that there's a myriad of different reasons:- HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers

Answer 2

This unbelievably vague question and answer actually led me to the proper solution for the specific problem of HTTP 401.2 Unauthorized against an Anonymous Authentication resource in IIS. The "Authorization Rules" element within IIS allows a explicit Allow/Deny entries, with an explicit option for "All Anonymous Users." Specifying this solved an access problem I spent the better part of a day trying to resolve, and I thought I'd add the additional detail here.

Answer 3

Bit late to the party but hope this helps someone else. This happened to me when I deployed a site to a brand new web server. The fix was to go into 'Authorization Rules' and create a new rule that allows 'all users'. I did it on the server level so it will inherit to all sites moving forward. Otherwise if you do it on the site level, it manages it via the web.config, and I'm guessing that you lose the setting if you overwrite the web.config with a version that does not include the rule.

Answer 4

Ok, Finally i got solution to my problem.

'Authorization Rules' were not set up on system.

I setup required 'Authorization Rules' and able to browse site successfully.