Solved

401-Access denied on new virtual folder in IIS using domain user for anonymous login

Posted on 2010-09-15
2
902 Views
Last Modified: 2012-05-10
Two Windows 2008 R2 servers, one is web server, the other is database server with AD installed.  A custom CGI app on the web server needs access to database files on the other server, so I've set it up to use a domain user rather than IUSR for anonymous user login for all newly created virtual folders.

Problem: I create a new virtual folder and check that anonymous user authentication uses my domain user MYDOMAIN\WEBUSER.  The virtual folder itself is on the web server and it has full permissions assigned to both IUSR and to MYDOMAIN\WEBUSER.  When I connect, I get
"401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied."

If I go to Authentication / Anonymous Authentication and set it to use IUSR, it will then open the web page in the virtual folder (I'm just using a test.html file for testing).  However, if I immediately go back and set it back to MYDOMAIN\WEBUSER, where it was by default to start with, it then works!

That's the only thing I change to make it work - simply change from my domain user to IUSR and then right back again.
0
Comment
Question by:pcspcs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 33688412
Hi,

you need to make sure that your anonymous user has equivalent rights to the default IUSR - click "start->admin tiools->local security policy", expand local policies, click 'user rights assignments'

fullscreen the policy explorer and expand the 'security setting' panel so that you can see all the relevant users and groups.  Add your MYDOMAIN\WEBUSER to every policy that is assigned to the default IUSR.

Cheers,  Mike.
0
 

Author Comment

by:pcspcs
ID: 33716862
Thanks!  While following your instructions I noticed that the rights are assigned to the group IIS_USERS, so I just added my custom user (MYDOMAIN\WEBUSER) to the group IIS_USERS.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question