Solved

IIS7.5 - You do not have permission to view this directory or page using the credentials that you supplied.

Posted on 2010-09-10
7
11,640 Views
Last Modified: 2012-05-10
I am getting the following error on IIS7.5 (Windows 2008 R2 Server) on any DotNet site running (copied over from an IIS6 W2K3 Server) on IIS.
"403 - Forbidden: Access is denied."
"You do not have permission to view this directory or page using the credentials that you supplied."
I have forms authentication on all the web.config files.
The IUSR account had read/execute privileges in all the affected DotNet sites, and files.
URL authorization role is installed.
Basic authentication is installed.
default pages are set - "default.aspx"

still no luck - what other settings are required on a new IIS7.5 setup?  What other security settings are needed?
0
Comment
Question by:bd9000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Accepted Solution

by:
Arthalius earned 500 total points
ID: 33651495
Is your web application located outside of the default InetPub folders? Starting in IIS 7.5, the default application pool identity is no longer NetworkService, but is now ApplicationPoolIdentity. If you have configured a custom application pool identity, you'll need to verify that your custom pool identity has access to the folder. If you are using the stock pool identity, just make sure the "DefaultAppPool" identity can access the folder.

The IIS worker process runs under the configured app pool identity, your content won't display if the identity (and worker process) can't read the files on the filesystem.

Here's some documentation on the change: http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
0
 
LVL 9

Expert Comment

by:shalabhsharma
ID: 33651686
Use process Monitor to trouble shoot permission problem

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
 

Author Comment

by:bd9000
ID: 33652258
Do I need to create an account called "DefaultAppPool" or "IIS AppPool" ?
I can find neither account on the system.

The sites are in a folder called "sites" (so it's not the default)
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 

Author Comment

by:bd9000
ID: 33652270
okay, it's hidden (why would they hide this account from the GUI is beyond me) - i typed it in directly
IIS APPPOOL\DefaultAppPool
I granted that account full access to the sites folder, still no luck. :(


0
 

Author Comment

by:bd9000
ID: 33652324
I tried also using the command line tool:

icacls e:\sites /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

no luck, there. (the command works fine, but these permissions are not helping, either)

gave full control to IIS_IUSRS and IUSR

still no luck.

0
 

Author Comment

by:bd9000
ID: 33652336
I just tried "Everyone" with full control.  Still no dice.

I'll try NetworkService tomorrow.  must.. get... sleep...
0
 
LVL 9

Expert Comment

by:Valliappan AN
ID: 33652677
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question