HTTP Error 401.3 - Unauthorized

33
votes

I am getting this errror in my newly created website in Windows 7 and IIS 7.5. I created an SSL certificate and done binding new website.

HTTP Error 401.3 - Unauthorized
You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

Earlier when I created the website, I selected 'application user(pass through authentication)' in 'Add Website' dialogue. and when I click "Test Settings ..." button, I get this error message:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that \$ has Read access to the physical path. Then test these settings again.

Please see attached image

Please suggest solution to this.

Thanks.

3
asp.netiis-7
Have you checked the directory permissions? If you are using Windows authentication with passthrough you need to ensure that the application pool and the accessing user has permission to the directory.Tomas McGuinness
@ tomasmcguinness How can I check these permissions in IIS 7.5DotnetSparrow
Navigate to the document root directory for your site in explorer then check the folder properties, security tab.Rup

3 Answers

18
votes

Make sure that application pool of your website and website both are running under the same identity. Then make sure that this identity has required permissions on the virtual directory. I had exact same issue and above two checks fixed it.

118
votes

I had the same issue, ensured my DefaultAppPool was running under ApplicationPoolIdentity and the DefaultAppPool had permissions to the folder, but some files still didn't load.

Turns out my problem was that the anonymous authentication user was set to someone else instead of ApplicationPoolIdentity

Screenshot enter image description here

1
votes

IIS 7 also creates "IUSR" as default user to access files via IIS. So make sure user IUSR has read access to files/folders.

How to check if IUSR has read Access? Right Click -> Folder -> Properties -> Security Tab See if IUSR is in Group or user names list, If No.

Click Edit -> Add -> Advanced -> Find Now -> Select IUSR and click OK -->click Apply