ASP MVC Forms Authentication Working Locally Not IIS 7 - 401 Unauthorized Error

2
votes

I have a asp mvc 2 web application that with forms authentication. It is working just fine on my Visual Studio Development Server but once I deploy my application to IIS 7 it give me a '401 - Unauthorized: Access is denied due to invalid credentials' error without going to my loginURL page.

In my Web Config

 <authentication mode="Forms"
  forms name=".MYUNIQUFORMSAUTH" loginUrl="/Login" requireSSL="false" timeout="20000"  /> 
<authentication/>

In IIS i also set the authentication to be Forms on my project and the cookie name matches name set in web.config file.

Project application pool is set to .NET 2.0 with Integrated Pipeline.

3
asp.net-mvcformsauthentication

3 Answers

1
votes

I believe you need to enable the Anonymous Authentication in IIS besides Forms Authentication, so that a login form can be shown.

3
votes

I had this problem and it was because the layout page had an Html.RenderAction to a controller that I hadn't applied an [AllowAnonymous] attribute to.

IIS Express let this slip through. IIS 7.0 was less forgiving.

(I'm following this pattern: http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx)

0
votes

You will need to either grant read permissions on the directory of your project directory for "IIS_IUSRS" or adjust your website in IIS to use pass through acccess scheme... p.s.below link for more info on this

http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/