HTTP 403 Forbidden: Access is denied ASP.NET Web API

Question

I'm getting the following error when running our ASP.NET Web API project on our production server.

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

Looking at the IIS 7.0 error logs the underlying error is

403.14 - Directory listing denied.

I have configured the production server so it has the same settings as the staging server (which works). The authentication, modules, authorization, permissions etc are all identical.

Following a suggestion in this thread 403 - Forbidden: Access is denied. ASP.Net MVC I have managed to get it working by adding runAllManagedModulesForAllRequests="true" to my web.config file.

<modules runAllManagedModulesForAllRequests="true">

Whilst this works I don't see this as a long term solution as it will cause unnecessary load on the server.

So it seems to indicate that something isn't getting loaded that should be getting loaded.

Have you checked UrlRoutingModule is installed? – Phil Cooper Nov 18 '16 at 12:15 — Phil Cooper, Nov 18 '16 at 12:15

score 3 · Answer 1 · answered Sep 26 '18 at 22:34

In my case, someone deleted default Asp Net MVC Home/Index route in RouteConfig.

After placing this code back to the RouteConfig.cs in RegisterRoutes method the problem was gone.

    routes.MapRoute(
        name: "Default",
        url: "{controller}/{action}/{id}",
        defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
    );

score 1 · Answer 2 · edited Sep 10 '20 at 15:54

1

The above error will pop up when you do not have the permission to access the folder/web.config file.

Try the following

In Windows Explorer, locate the web.config file that is associated with the application.
Right-click the web.config file
Click Properties.
Click the Security tab, and then click Edit.
Click Add.
In the Enter the object names to select box, IUSR, click Check Names, and then click OK.
Provide Full control, and then click OK.
In the Web.config Properties dialog box, click OK.

I think it should work .

edited Sep 10 '20 at 15:54

d219

2,707
5
31
36

answered Nov 17 '16 at 12:18

Sravan Dudyalu

185
3
15

I'd already granted that user full privileges when I configured the application initially. – DomBurf Nov 17 '16 at 14:49
This is the problem. It's a Web API (MVC) app so the default document is loaded via the URL routing, and that's why I suspect the issue is not related to permissions but to an assembly / module not getting loaded that takes care of this. Also, when I set in my web.config the problem disappears, thus confirming my suspicions. – DomBurf Nov 18 '16 at 09:13

score 1 · Answer 3 · answered Jun 21 '19 at 22:51

1

In case it helps anyone my issue was my publish options set to "Allow precompiled site to be updatable" and I was missing the file "PrecompiledApp.config" in my deployed API.

answered Jun 21 '19 at 22:51

DannyC

401
4
15

score 0 · Answer 4 · edited Oct 25 '18 at 13:11

0

You can follow this approach while deploying the application to production environment.

Publish the application in release mode.
Put your application in inetpub -- wwwroot folder because this folder have administrator rights.

Hopefully it should run.

edited Oct 25 '18 at 13:11

Eric D. Johnson

10,219
9
39
46

answered Nov 17 '16 at 09:43

Akhil Kumar

1
2

Unfortunately that hasn't worked. I'm not convinced the problem is related to permissions, despite the error message. I suspect it's trying to load the default page but there's an error in the routing due to the required modules not being loaded. Of course, I could be wrong. – DomBurf Nov 17 '16 at 10:02

score 0 · Answer 5 · answered Feb 28 '20 at 11:56

I recently faced same issue while configuring my site on iis (https). In my case, tried several solutions like:

Folder security and access rights, I gave IIS_USER access even to test gave everyone access on deployed folder also change IIS permission but no luck.
Enabled "Directory Browsing" but no luck
Enabled "Anonymous Authentication" but no luck
Reinstall https SSL certificate since using https but no luck

and several hit and try and at last I found!!!!

It was very tiny problem I choose "Precompile during publishing" while publishing my website/APIs and when i unchecked this option everything become normal and start working fine, not sure actual reason why this happen but to resolve you may try as showing in picture (visual studio 2019) below:

score 0 · Answer 6 · answered Nov 03 '21 at 08:41

0

My specific situation was that I had basic authentication and on the API controller in the Authorize decorator the role did not matchup with the role of the user I supplied for authentication. eg. [Authorize(AuthenticationSchemes =BasicAuthenticationHandler.SchemeName , Roles = "Tester") ]

answered Nov 03 '21 at 08:41

Goodwill Monoto

31
4

This does not provide an answer to the question. Once you have sufficient [reputation](https://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](https://stackoverflow.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/30246491) – João Dias Nov 03 '21 at 14:17

score -1 · Answer 7 · answered May 02 '17 at 14:27

-1

We missed deployment configuration, application pool associated with the application not exists. I created an application pool with the same name and this error has gone away.

answered May 02 '17 at 14:27

Pandiarajan

410
5
14

HTTP 403 Forbidden: Access is denied ASP.NET Web API

7 Answers7

Linked