iis 401 error

I have an application running on a Windows 2008 R2 server in IIS.

The web portal has an "Admin options" link at the login screen where I edit the SQL backend database settings.

When I click the link it's prompting me for Windows Authentication. I cannot seem to get past this part as it always results in the following error:

"Server Error - 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied"

I am using the domain admin account (which is the only account that was used in setting up the application).

I have checked the security settings on the files and directories themselves in Windows Explorer and in IIS and they all show that Administrators have Full Control. I also tried using the local Aministrator account of the server, but that also results in the same error.

The link in question is trying to access a folder called "Admin". In IIS, the Athentication setting shows everything disabled except for Windows Authentication.

Can someone suggest how I can troubleshoot this?

Who is Participating?
arnoldConnect With a Mentor Commented:
Use basic, digest which will prompt the user by the web server for credentials which means you would need the user accounts that are allowed, to the directory security tab. If you have not made sure that the user account that you want to have access was not added under the security tab, it could explain why your windows authentication fails. I.e. The browser sends your credentials, but based on the security tab, your user account is not set there with rights of access.  The alternative, is to maintain/grant access within the application pages of the site.
I.e. When someone accesses the admin pages, your asp, aspx, outputs a login form with credentials maintained in a database as well as what type of access the user has.

The web based security is limited to allow or not.
The application based security has much more flexibility allow access to items 1,2,4,6,7,8 to add/modify/delete
Items 5,9,15,23 view only, etc.
This means that within the IIS site security section configuration you do not allow anonymous login , basic, digest only NTLM is enabled! the browser that connects does not support the mechanism of your choice.
This issue is one because NTLM/window authentication only supported within trusted locations.  In the browser you are testing, add this site to the trusted list and see it work provided the credentials of the user logged in are valid on the IIS.
IT_ServiceAuthor Commented:
I added the site to trusted sites, restarted IIS and the browser too.

I tried to log in again, but still the same error.

I have a work around - just disabling Windows Authentication and enabling Anonymous, then changing the settings and then setting it back to Windows Authentication.

It would be great to find the solution though.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Are the two system on the same AD?
Covers the different auth methods and their dependencies.
Aaron TomoskyTechnology ConsultantCommented:
try basic instead of windows.
The asker seems to want transparent authentication where the user is not involved.
IT_ServiceAuthor Commented:
I'm not sure what you mean by "the two systems".

The web sever is a member server on the domain. I don't want users to be able to access the "admin options" page. I don't really care if it uses Windows authentication, but I would like it to use some kind of authentication.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.