There are quite a lot of threads and questions about this issue. However, non-of them helped me.
I have got an MVC4 app running on IIS8 without any probblem. I need to move this app to Windows 2012 R2 Server which has IIS8.5.
Whichever user I give access to folder, I still get following exception.
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Most likely causes:
The authenticated user does not have access to a resource needed to process the request.
Here is the error trace screenshot
Regarding IIS Site Setup, Anonymous Authentication and Forms Authentication are enabled.
Lastly, I have given Server\IIS_USERS, App Pool Account, IUSR, Server\Users readn and write access to make it work, but still same error.
Could anyone help me with this please?
Thanks.
Related
I have a question regarding SQL Server Reporting Services 2019:
We have received a HTTPS-certificate and added a URL for both Web Service and Web Portal. When we try to access either /Reports or /ReportServer on HTTP we can get through with no problem, but when we try to access on HTTPS then we are met with a logon dialog which will give three attempts at log on before displaying a white page. All attempts at entering a valid combination of user name and password returns a 401 error.
We've tried removing and reinserting all bindings for HTTP, HTTPS, SSL, changing logon mechanism in the config file to use Kerberos, NTLM or a combination of those but nothing works.
Does anyone what the source of this problem might be and how to solve it?
We figured out what the problem was. Authentication issues did not behave the same for HTTP and HTTPS. My test user wasn't a member of the correct user group. Once we gave it "System User" access then we could log in.
I have a web application using glassfish and form authentication (j_security_check). All the passwords and usernames are stored in a javaDB (derby). I was able to log into the system while developing on the localhost and now that I deployed the app to AWS whenever I try to log in with a user (I have checked that the user actually exists in the DB), I always get the same error (that i normally get when entering wrong details) i.e. WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed.
Any ideas what it might be? I don't even know what info to provide since the issue doesn't even throw an exception or something. thanks
I am working on dnn site and facing some issue related with authentication.
When i'm going to browse a url ../admin/ControlPanel/module.css, it's showing 401 - Unauthorized: Access is denied due to invalid credentials.
I have verified all the settings in IIS, still not able to understand why this error is coming.
Thanks,
Is that the only file/path that is having that problem?
I would start by checking to see if you have Basic Authentication enabled in IIS.
Make sure there isn't a virtual directory or application configured on the admin folder for some odd reason.
We have a .NET application that was recently converted to .NET 4.0 and then published to IIS 6.0. When we trying going to the url without a page www.blahblahblah.com we get the following error:
Server Error in '/' Application.
Access is denied. Description: An
error occurred while accessing the
resources required to serve this
request. The server may not be
configured for access to the requested
URL.
Error message 401.2.: Unauthorized:
Logon failed due to server
configuration. Verify that you have
permission to view this directory or
page based on the credentials you
supplied and the authentication
methods enabled on the Web server.
Contact the Web server's administrator
for additional assistance.
We have IIS 6.0 site setup with a default content page going to "default.aspx". However, it seems IIS is not getting to the point of forwarding the url to this page. If we navigate directly to www.blahblahblah.com/default.aspx the page comes up with not issue and we all other functionality of the application works. If we roll back to the 3.5 version, the default page forwarding works as it should. Does anyone have any idea what is causing this?
I found the issue. Someone had put this (see below) in the authorization tag which prevented access to the website as a whole preventing IIS from forwarding to the default page, even though the page default.aspx had a location exception that allowed all users.
<authorization>
<deny users="*"/>
</authorization>
In IIS I can configure my custom error pages.
For each HTTP Error code I can say where to go. Several codes have a number of "sub" codes available. For example 404 has a regular 404, 404;1, 404;2 and so on..
What are they for? When are they returned? Should I make custom pages for these errors? Can I somehow easely configure all code "families" to come to the same page?
401 - Access denied. IIS defines several different 401 errors that indicate a more specific cause of the error. These specific error codes are displayed in the browser but are not displayed in the IIS log:
401.1 - Logon failed.
401.2 - Logon failed due to server configuration.
401.3 - Unauthorized due to ACL on resource.
401.4 - Authorization failed by filter.
401.5 - Authorization failed by ISAPI/CGI application.
401.7 – Access denied by URL authorization policy on the Web server (This error code is specific to IIS 6.0.)
Here is the complete list in the MSDN documentation for IIS 5.0 and 6.0 and for IIS 7.0, 7.5 and 8.0.
If you want to show your visitors or users a nice custom message depending on these subcode, you could do it. But you needn't.
"Substatus" error codes are specific to IIS. They are for "internal" logging purposes - whatever the substatus code, it is the the parent error that gets returned to the client (404.2 gets sent back as 404)
They were implemented specifically to reduce the surface area of attack of IIS whilst still providing sysadmins with a meaningful amount of data. Therefore you actively should not send back specific substatus error messages as you will be opening your IIS installation to possible attack.
Reference
This blog article appears to explain a lot of this. Perhaps it can be of help? At the very least, it explains the meaning of the 'sub-codes'.