401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

Question

User532500805 posted

Receiving this error message after changing IIS and .NET Authorization Rules to only Allow local "Administrators" roles

OS: Windows Server 2016 running IIS 10

Our Application Pool is running under an ApplicationPoolIdentity. Anonymous Authentication is enabled and running App Pool identity. ASP.NET impersonation is enabled as well. Windows Authentication is disabled (this is an externally facing website)

I have added the IIS AppPool\AppPool to the IIS_IUSRS group, Administrator group, and Users group.

I also granted Full Control ACLs for IIS AppPool\AppPool and the IIS_IUSRS group to the Website path (using icacls "WebsitePath" /grant "IIS AppPool\AppPool:(OI)(CI)(IO)F" /T)

Still, no luck. just keep getting a 401. running Process Monitor doesn't show any error status or permission issues.  There is nothing in he server event logs.

What am I missing still??

Thanks

Answer 1

User1535942433 posted

Hi ELNerdo79,

As far as I think,you need to change Anonymous user identity from Application pool identity  to Specific User.You could  follow bellow steps:

1.IIS Manager → Sites → Website

2.Double click "Authentication"

3.Select Anonymous Authentication from the Actions panel, select Edit

4.Select Specific User

Just like this:

https://i.stack.imgur.com/Pr8GZ.png

Best regards,

Yijing Sun