
Working on a MVC5 project, I have access to the account / login page. When I enter wrong credentials it tells me that the username / password is incorrect. When I enter the right credentials it redirects me to home/index so I assume the login did work.

How ever upon getting to the new page I get the following error. HTTP Error 401.0 - Unauthorized.

Ant i'm not sure how I would go on and solve this.

My Login Controller

public ActionResult LogIn()
    return View();

public ActionResult LogIn(LogOnModel model, string returnUrl)
    if (ModelState.IsValid)
        if (MembershipService.ValidateUser(model.UserName, model.Password))
            FormsService.SignIn(model.UserName, model.RememberMe);
            if (!String.IsNullOrEmpty(returnUrl))
                return Redirect(returnUrl);
                return RedirectToAction("Index", "Home");
            ModelState.AddModelError("", "The user name or password provided is incorrect.");

    // If we got this far, something failed, redisplay form
    return View(model);

And my model

public class LogOnModel {
    [DisplayName("User name")]
    public string UserName { get; set; }

    public string Password { get; set; }

    [DisplayName("Remember me?")]
    public bool RememberMe { get; set; }

public interface IFormsAuthenticationService {
    void SignIn(string userName, bool createPersistentCookie);
    void SignOut();

public class FormsAuthenticationService : IFormsAuthenticationService {
    public void SignIn(string userName, bool createPersistentCookie) {
        if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");

        FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);

And last my web.config:

<?xml version="1.0"?>
    <add name="SaleswebEntities" connectionString=
    <compilation debug="true" targetFramework="4.0">
        <add assembly="System.Web.Abstractions, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Routing, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.Mvc, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add assembly="System.Data.Entity, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add assembly="System.Web.Helpers, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Web.WebPages, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />

        <clear />
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />

        <clear />
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />

    <roleManager enabled="false">
        <clear />
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />

        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.WebPages" />

    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" />

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="" newVersion="" />

    <add key="ClientValidationEnabled" value="false" />
    <add key="UnobtrusiveJavaScriptEnabled" value="false" />

The connection string is not empty, but I did remove it I do not want it posted public.

Please show your code from action and controller. The fact that you are redirected doesn't mean you are authenticated.kamil-mrzyglod
@Kamo sorry for that, updated my post.Joakim Carlsson
What does your FormsService.SignIn() method do?kamil-mrzyglod
public interface IFormsAuthenticationService { void SignIn(string userName, bool createPersistentCookie); void SignOut(); }Joakim Carlsson
I mean could you add its code too? :)kamil-mrzyglod

4 Answers


I've had a simular issue and it were nothing with the code, something did happen with my iis and I had to reinstall it. The key thing here is to make sure you uninstall the Windows Process Activation Service or otherwise your ApplicationHost.config will be still around.


I have noticed that you use FormsService in your Login Controller. I think that this class is SharePoint-specific. I would recommend using WebSecurity.Login() or FormsAuthentication.Authenticate() instead.


Have you checked that your Startup.cs has configured the application correctly?

There should be something similar to the following in there:

app.UseCookieAuthentication(new CookieAuthenticationOptions
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))

Sounds like a IIS permission issue, you should try running VS as administrator if you have not already.

" HTTP Error 401.0 - Unauthorized You do not have permission to view this directory or page."

Diagnose 401.x HTTP errors on IIS

Try to make sure permissions are correct for the folders. Double-click the Authentication feature in IIS. Right-click the "Anonymous Authentication" provider and select edit. Now, right-click the web application in the left pane, select Edit Permissions..., select the Security tab, click Edit -> Add and add IIS APPPOOL\NameOfAppPool. Make sure the Application Pool Identity has read and execute permissions of the folder.

Here are a few links.

Configuring IIS (Windows 7) for ASP.NET / ASP.NET MVC 3

