Solved

401-Access denied on new virtual folder in IIS using domain user for anonymous login

Posted on 2010-09-15
2
900 Views
Last Modified: 2012-05-10
Two Windows 2008 R2 servers, one is web server, the other is database server with AD installed.  A custom CGI app on the web server needs access to database files on the other server, so I've set it up to use a domain user rather than IUSR for anonymous user login for all newly created virtual folders.

Problem: I create a new virtual folder and check that anonymous user authentication uses my domain user MYDOMAIN\WEBUSER.  The virtual folder itself is on the web server and it has full permissions assigned to both IUSR and to MYDOMAIN\WEBUSER.  When I connect, I get
"401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied."

If I go to Authentication / Anonymous Authentication and set it to use IUSR, it will then open the web page in the virtual folder (I'm just using a test.html file for testing).  However, if I immediately go back and set it back to MYDOMAIN\WEBUSER, where it was by default to start with, it then works!

That's the only thing I change to make it work - simply change from my domain user to IUSR and then right back again.
0
Comment
Question by:pcspcs
2 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 33688412
Hi,

you need to make sure that your anonymous user has equivalent rights to the default IUSR - click "start->admin tiools->local security policy", expand local policies, click 'user rights assignments'

fullscreen the policy explorer and expand the 'security setting' panel so that you can see all the relevant users and groups.  Add your MYDOMAIN\WEBUSER to every policy that is assigned to the default IUSR.

Cheers,  Mike.
0
 

Author Comment

by:pcspcs
ID: 33716862
Thanks!  While following your instructions I noticed that the rights are assigned to the group IIS_USERS, so I just added my custom user (MYDOMAIN\WEBUSER) to the group IIS_USERS.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question