3
votes

I have an MVC 3 application that is giving me a 401 error when I try and access it from the remote server, but when I run it from my local computer it runs with out any error.

The remote server has IIS 7 configured to allow both Forms and Anonymous access and successfully serves static files (content files), it's only when I try and access the MVC application that I'm getting issues.

When I browse to the MVC application, I get a prompt that says, "Windows Security - The server at requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."

I've tried entering all the passwords I can think of, and nothing give me access.

When I click cancel, I get a server error that says, "401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied." and I've been redirected to the LogOn page

My Web.config file looks like this:

<?xml version="1.0" encoding="utf-8"?> 
<!-- 
  For more information on how to configure your ASP.NET application, please visit 
  http://go.microsoft.com/fwlink/?LinkId=152368 
  --> 
<configuration> 
  <configSections> 
    <section name="razorJSSettings" type="RazorJS.Configuration.RazorJSSettings, RazorJS" /> 
  </configSections> 
  <connectionStrings> 
    <!--<add name="ApplicationServices" 
         connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" 
         providerName="System.Data.SqlClient" />--> 
    <add name="ApplicationServices" connectionString="Data Source=SOURCE; Initial Catalog=thedb; User ID=thedbuser; Password='thedbuserpassword';" /> 
    <add name="GestmeDataContext" connectionString="metadata=res://*/Models.Gestme.csdl|res://*/Models.Gestme.ssdl|res://*/Models.Gestme.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=SOURCE;initial catalog=thedb;persist security info=True;user id=thedbuser;password=thedbuserpassword;multipleactiveresultsets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" /> 
  </connectionStrings> 
  <appSettings> 
    <add key="webpages:Version" value="1.0.0.0" /> 
    <add key="ClientValidationEnabled" value="true" /> 
    <add key="UnobtrusiveJavaScriptEnabled" value="true" /> 
  </appSettings> 
  <system.web> 
    <compilation debug="true" targetFramework="4.0"> 
      <assemblies> 
        <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
        <add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
        <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
        <add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> 
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> 
      </assemblies> 
    </compilation> 
    <customErrors mode="Off" /> 
    <authentication mode="Forms"> 
      <forms loginUrl="~/Account/LogOn" timeout="2880" /> 
    </authentication> 
    <membership> 
      <providers> 
        <clear /> 
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" /> 
      </providers> 
    </membership> 
    <profile> 
      <providers> 
        <clear /> 
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" /> 
      </providers> 
    </profile> 
    <roleManager enabled="true"> 
      <providers> 
        <clear /> 
        <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" /> 
      </providers> 
    </roleManager> 
    <pages> 
      <namespaces> 
        <add namespace="System.Web.Helpers" /> 
        <add namespace="System.Web.Mvc" /> 
        <add namespace="System.Web.Mvc.Ajax" /> 
        <add namespace="System.Web.Mvc.Html" /> 
        <add namespace="System.Web.Routing" /> 
        <add namespace="System.Web.WebPages" /> 
      </namespaces> 
    </pages> 
    <httpHandlers> 
      <add path="razorjs.axd" verb="GET" type="RazorJS.RazorJSHandler" /> 
    </httpHandlers> 
  </system.web> 
  <system.webServer> 
    <httpErrors errorMode="Detailed" />
    <asp scriptErrorSentToBrowser="true"/>
    <validation validateIntegratedModeConfiguration="false" /> 
    <modules runAllManagedModulesForAllRequests="true" /> 
    <handlers> 
      <add name="RazorJSHandler" path="razorjs.axd" verb="GET" type="RazorJS.RazorJSHandler" /> 
    </handlers> 
  </system.webServer> 
  <runtime> 
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> 
      <dependentAssembly> 
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> 
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" /> 
      </dependentAssembly> 
      <dependentAssembly> 
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" /> 
        <bindingRedirect oldVersion="0.0.0.0-4.0.8.0" newVersion="4.0.8.0" /> 
      </dependentAssembly> 
    </assemblyBinding> 
  </runtime> 
  <razorJSSettings handlerPath="~/razorjs.axd"> 
    <!-- If empty all paths are valid --> 
    <allowedPaths> 
      <add path="~/Scripts" /> 
    </allowedPaths> 
  </razorJSSettings> 
</configuration> 

What are all the issues that could cause 401 errors to be returned from the server? Could it be the connection from the database to the server or the aspnet_* tables?

3

3 Answers

5
votes

So, the actual reason was kinda dumb. I had a partial view on the masterpage that had the [Authorize] attribute associated with its action result.

Just in case anyone else gets that same error!

1
votes

I believe this is because you are using the AspNetWindowsTokenRoleProvider. This is trying to get the role for the user on the local server, not from Windows Forms.

You should be specifying the SqlRoleProvider.

1
votes

please go to the "Authentication Method" in Default Web Site in IIS and checked on "Integrated Windows Authenticaton". This might be work.