?
Solved

IIS7.5 - You do not have permission to view this directory or page using the credentials that you supplied.

Posted on 2010-09-10
7
Medium Priority
?
12,527 Views
Last Modified: 2012-05-10
I am getting the following error on IIS7.5 (Windows 2008 R2 Server) on any DotNet site running (copied over from an IIS6 W2K3 Server) on IIS.
"403 - Forbidden: Access is denied."
"You do not have permission to view this directory or page using the credentials that you supplied."
I have forms authentication on all the web.config files.
The IUSR account had read/execute privileges in all the affected DotNet sites, and files.
URL authorization role is installed.
Basic authentication is installed.
default pages are set - "default.aspx"

still no luck - what other settings are required on a new IIS7.5 setup?  What other security settings are needed?
0
Comment
Question by:bd9000
7 Comments
 
LVL 1

Accepted Solution

by:
Arthalius earned 2000 total points
ID: 33651495
Is your web application located outside of the default InetPub folders? Starting in IIS 7.5, the default application pool identity is no longer NetworkService, but is now ApplicationPoolIdentity. If you have configured a custom application pool identity, you'll need to verify that your custom pool identity has access to the folder. If you are using the stock pool identity, just make sure the "DefaultAppPool" identity can access the folder.

The IIS worker process runs under the configured app pool identity, your content won't display if the identity (and worker process) can't read the files on the filesystem.

Here's some documentation on the change: http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
0
 
LVL 9

Expert Comment

by:shalabhsharma
ID: 33651686
Use process Monitor to trouble shoot permission problem

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
 

Author Comment

by:bd9000
ID: 33652258
Do I need to create an account called "DefaultAppPool" or "IIS AppPool" ?
I can find neither account on the system.

The sites are in a folder called "sites" (so it's not the default)
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:bd9000
ID: 33652270
okay, it's hidden (why would they hide this account from the GUI is beyond me) - i typed it in directly
IIS APPPOOL\DefaultAppPool
I granted that account full access to the sites folder, still no luck. :(


0
 

Author Comment

by:bd9000
ID: 33652324
I tried also using the command line tool:

icacls e:\sites /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

no luck, there. (the command works fine, but these permissions are not helping, either)

gave full control to IIS_IUSRS and IUSR

still no luck.

0
 

Author Comment

by:bd9000
ID: 33652336
I just tried "Everyone" with full control.  Still no dice.

I'll try NetworkService tomorrow.  must.. get... sleep...
0
 
LVL 9

Expert Comment

by:Valliappan AN
ID: 33652677
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question