none
Users cannot access web site hosted on IIS, configured with Windows Authentication ON RRS feed

  • Question

  • I’m currently developing a web site that uses windows authentication, with ApplicationPoolIdentity configured with Identity=Application Pool. I can connect by login with my administrator user when asked by the browser and it works perfect, but if any other user tries to access, the browser asks for the credentials 3 times and then it throws a 401 Error.

    Test scenarios:

    1. If the server is configured with Anonymous Authentication ON, everybody is able to open the page.

    2. If I try to set the application pool Identity to a regular user account, IIS doesn’t recognize the user/password provided.

    3. The folder C:\inetpub\ was set with full control to Everyone, but the users can’t connect anyway.

    4. The folder C:\inetpub\ was set with full control to a specific user, but the user can’t connect anyway.

    5. Following a recommendation from another post, the following section was added to the web.config :

    <authorization>
    <allow users="*"/>
    </authorization>
    

    The windows logs in the Event Viewer don’t store anything about a failed login.

    i enabled Failed Request Tracing Rules, and create a rule 

    Path = *

    Associated = all

    Status codes = 200 - 999

    time taken + 00:00:00 

    Entry type = local

    and it was result 

    Module_set_response_error_status

    ModuleName IIS Web Core

    Notification : AUTHENTICATE_REQUEST

    HttpStatus : 401

    HttpReason : Unauthorized

    ErrorCode : Access is denied (0x80070005)

    Friday, June 29, 2018 3:58 PM