Forms Authentication with IIS 7.5 - Not Authorized

Question

I have a Web application deployed to Windows Server 2008 R2 with IIS 7.5. The application is ASP.NET MVC 3 with .Net Framework 4.0.

Authentication Settings: Anonymous and Forms Authentication is enabled. I've set the Anonymous user identity value under the Anonymous properties to point to "Application pool Identity" instead of a specific user.

Web.Config

When trying to remotely access the application from my machine, I get the message "401 - Unauthorized: Access is denied due to invalid credentials." when accessing the "Account/Logon" page.

I have no problems accessing the app on my local machine through visual studio. I can also access the app on the Windows 2008 Server without any issues. Only when I try to access the app on the server from my local machine do I get the problem.

Any ideas?

Some additional Notes: - It's failing before I get to the login screen.

I had a similar problem somedays ago, see if it helps you. Also reset the default anonymous configuration for IUSR_YourPC. http://stackoverflow.com/questions/15030515/simple-forms-authenticated-website-does-not-redirect-after-login — CoderRoller, Mar 01 '13 at 19:27
How to you determine if the server allows Forms Authentication. — Elim99, Mar 01 '13 at 20:20
Right Click on the Virtual Directory containing the WebApp then: -Go to the Directory Security Tab -Click on Modify -Unchecked Integrated Windows Authentication -Anonymous Access has to be checked as well. This how it looks like on the IIS6 GUI(Spanish): http://s7.postimage.org/m95dx2zxn/form_Auth_Setts.jpg Also check this: http://stackoverflow.com/questions/6447728/formsauthentication-loginurl — CoderRoller, Mar 01 '13 at 20:34
It's a little different on IIS7. Forms and Anonymous is enabled. Windows Auth is disabled. — Elim99, Mar 01 '13 at 20:40

score 0 · Answer 1 · answered Mar 01 '13 at 19:20

0

I've set the Anonymous user identity value under the Anonymous properties to point to "Application pool Identity" instead of a specific user.
Try setting it back to original IUSR and make sure IUSR_YourComputerName user has access to site's files/folder

answered Mar 01 '13 at 19:20

Ramunas

3,853
1
30
31

I changed it back to IUSR and added IUSR to the folder permissions but still no luck. – Elim99 Mar 01 '13 at 20:08
What authentication scheme is set in your web.config? – Ramunas Mar 01 '13 at 20:13
Forms Authentication: – Elim99 Mar 01 '13 at 20:19

score -2 · Answer 2 · answered Sep 10 '13 at 12:34

http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9239a89-fbee-4adc-b72f-7a6a9648331f/401-unauthorized-access-is-denied-due-to-invalid-credentials

Quoting from that article:

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

The question is about Forms authentication, not Windows authentication — Seth, Jan 27 '17 at 01:45

Forms Authentication with IIS 7.5 - Not Authorized

2 Answers2