Solved

IIS7.5 - You do not have permission to view this directory or page using the credentials that you supplied.

Posted on 2010-09-10
7
11,445 Views
Last Modified: 2012-05-10
I am getting the following error on IIS7.5 (Windows 2008 R2 Server) on any DotNet site running (copied over from an IIS6 W2K3 Server) on IIS.
"403 - Forbidden: Access is denied."
"You do not have permission to view this directory or page using the credentials that you supplied."
I have forms authentication on all the web.config files.
The IUSR account had read/execute privileges in all the affected DotNet sites, and files.
URL authorization role is installed.
Basic authentication is installed.
default pages are set - "default.aspx"

still no luck - what other settings are required on a new IIS7.5 setup?  What other security settings are needed?
0
Comment
Question by:bd9000
7 Comments
 
LVL 1

Accepted Solution

by:
Arthalius earned 500 total points
ID: 33651495
Is your web application located outside of the default InetPub folders? Starting in IIS 7.5, the default application pool identity is no longer NetworkService, but is now ApplicationPoolIdentity. If you have configured a custom application pool identity, you'll need to verify that your custom pool identity has access to the folder. If you are using the stock pool identity, just make sure the "DefaultAppPool" identity can access the folder.

The IIS worker process runs under the configured app pool identity, your content won't display if the identity (and worker process) can't read the files on the filesystem.

Here's some documentation on the change: http://blogs.iis.net/webdevelopertips/archive/2009/10/02/tip-98-did-you-know-the-default-application-pool-identity-in-iis-7-5-windows-7-changed-from-networkservice-to-apppoolidentity.aspx
0
 
LVL 9

Expert Comment

by:shalabhsharma
ID: 33651686
Use process Monitor to trouble shoot permission problem

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
 

Author Comment

by:bd9000
ID: 33652258
Do I need to create an account called "DefaultAppPool" or "IIS AppPool" ?
I can find neither account on the system.

The sites are in a folder called "sites" (so it's not the default)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:bd9000
ID: 33652270
okay, it's hidden (why would they hide this account from the GUI is beyond me) - i typed it in directly
IIS APPPOOL\DefaultAppPool
I granted that account full access to the sites folder, still no luck. :(


0
 

Author Comment

by:bd9000
ID: 33652324
I tried also using the command line tool:

icacls e:\sites /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

no luck, there. (the command works fine, but these permissions are not helping, either)

gave full control to IIS_IUSRS and IUSR

still no luck.

0
 

Author Comment

by:bd9000
ID: 33652336
I just tried "Everyone" with full control.  Still no dice.

I'll try NetworkService tomorrow.  must.. get... sleep...
0
 
LVL 9

Expert Comment

by:Valliappan AN
ID: 33652677
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question