?
Solved

401-Access denied on new virtual folder in IIS using domain user for anonymous login

Posted on 2010-09-15
2
Medium Priority
?
903 Views
Last Modified: 2012-05-10
Two Windows 2008 R2 servers, one is web server, the other is database server with AD installed.  A custom CGI app on the web server needs access to database files on the other server, so I've set it up to use a domain user rather than IUSR for anonymous user login for all newly created virtual folders.

Problem: I create a new virtual folder and check that anonymous user authentication uses my domain user MYDOMAIN\WEBUSER.  The virtual folder itself is on the web server and it has full permissions assigned to both IUSR and to MYDOMAIN\WEBUSER.  When I connect, I get
"401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied."

If I go to Authentication / Anonymous Authentication and set it to use IUSR, it will then open the web page in the virtual folder (I'm just using a test.html file for testing).  However, if I immediately go back and set it back to MYDOMAIN\WEBUSER, where it was by default to start with, it then works!

That's the only thing I change to make it work - simply change from my domain user to IUSR and then right back again.
0
Comment
Question by:pcspcs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 2000 total points
ID: 33688412
Hi,

you need to make sure that your anonymous user has equivalent rights to the default IUSR - click "start->admin tiools->local security policy", expand local policies, click 'user rights assignments'

fullscreen the policy explorer and expand the 'security setting' panel so that you can see all the relevant users and groups.  Add your MYDOMAIN\WEBUSER to every policy that is assigned to the default IUSR.

Cheers,  Mike.
0
 

Author Comment

by:pcspcs
ID: 33716862
Thanks!  While following your instructions I noticed that the rights are assigned to the group IIS_USERS, so I just added my custom user (MYDOMAIN\WEBUSER) to the group IIS_USERS.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Logparser is the smartest tool I have ever used in parsing IIS log files and there are many interesting things I wanted to share with everyone one of the  real-world  scenario from my current project. Let's get started with  scenario - How do w…
What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question