Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS7.5 - You do not have permission to view this directory or page using the credentials that you supplied.

Posted on 2010-09-10
7
Medium Priority
?
12,179 Views
Last Modified: 2012-05-10
I am getting the following error on IIS7.5 (Windows 2008 R2 Server) on any DotNet site running (copied over from an IIS6 W2K3 Server) on IIS.
"403 - Forbidden: Access is denied."
"You do not have permission to view this directory or page using the credentials that you supplied."
I have forms authentication on all the web.config files.
The IUSR account had read/execute privileges in all the affected DotNet sites, and files.
URL authorization role is installed.
Basic authentication is installed.
default pages are set - "default.aspx"

still no luck - what other settings are required on a new IIS7.5 setup?  What other security settings are needed?
0
Comment
Question by:bd9000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Accepted Solution

by:
Arthalius earned 2000 total points
ID: 33651495
Is your web application located outside of the default InetPub folders? Starting in IIS 7.5, the default application pool identity is no longer NetworkService, but is now ApplicationPoolIdentity. If you have configured a custom application pool identity, you'll need to verify that your custom pool identity has access to the folder. If you are using the stock pool identity, just make sure the "DefaultAppPool" identity can access the folder.

The IIS worker process runs under the configured app pool identity, your content won't display if the identity (and worker process) can't read the files on the filesystem.

Here's some documentation on the change: http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
0
 
LVL 9

Expert Comment

by:shalabhsharma
ID: 33651686
Use process Monitor to trouble shoot permission problem

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
 

Author Comment

by:bd9000
ID: 33652258
Do I need to create an account called "DefaultAppPool" or "IIS AppPool" ?
I can find neither account on the system.

The sites are in a folder called "sites" (so it's not the default)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:bd9000
ID: 33652270
okay, it's hidden (why would they hide this account from the GUI is beyond me) - i typed it in directly
IIS APPPOOL\DefaultAppPool
I granted that account full access to the sites folder, still no luck. :(


0
 

Author Comment

by:bd9000
ID: 33652324
I tried also using the command line tool:

icacls e:\sites /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

no luck, there. (the command works fine, but these permissions are not helping, either)

gave full control to IIS_IUSRS and IUSR

still no luck.

0
 

Author Comment

by:bd9000
ID: 33652336
I just tried "Everyone" with full control.  Still no dice.

I'll try NetworkService tomorrow.  must.. get... sleep...
0
 
LVL 9

Expert Comment

by:Valliappan AN
ID: 33652677
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question