Solved

401-Access denied on new virtual folder in IIS using domain user for anonymous login

Posted on 2010-09-15
2
897 Views
Last Modified: 2012-05-10
Two Windows 2008 R2 servers, one is web server, the other is database server with AD installed.  A custom CGI app on the web server needs access to database files on the other server, so I've set it up to use a domain user rather than IUSR for anonymous user login for all newly created virtual folders.

Problem: I create a new virtual folder and check that anonymous user authentication uses my domain user MYDOMAIN\WEBUSER.  The virtual folder itself is on the web server and it has full permissions assigned to both IUSR and to MYDOMAIN\WEBUSER.  When I connect, I get
"401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied."

If I go to Authentication / Anonymous Authentication and set it to use IUSR, it will then open the web page in the virtual folder (I'm just using a test.html file for testing).  However, if I immediately go back and set it back to MYDOMAIN\WEBUSER, where it was by default to start with, it then works!

That's the only thing I change to make it work - simply change from my domain user to IUSR and then right back again.
0
Comment
Question by:pcspcs
2 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
Comment Utility
Hi,

you need to make sure that your anonymous user has equivalent rights to the default IUSR - click "start->admin tiools->local security policy", expand local policies, click 'user rights assignments'

fullscreen the policy explorer and expand the 'security setting' panel so that you can see all the relevant users and groups.  Add your MYDOMAIN\WEBUSER to every policy that is assigned to the default IUSR.

Cheers,  Mike.
0
 

Author Comment

by:pcspcs
Comment Utility
Thanks!  While following your instructions I noticed that the rights are assigned to the group IIS_USERS, so I just added my custom user (MYDOMAIN\WEBUSER) to the group IIS_USERS.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now