I’m currently developing a web site that uses windows authentication, with ApplicationPoolIdentity configured with Identity=Application Pool. I can connect by login with my administrator user when asked by the browser and it works perfect, but if any other
user tries to access, the browser asks for the credentials 3 times and then it throws a 401 Error.
Test scenarios:
-
If the server is configured with Anonymous Authentication ON, everybody is able to open the page.
-
If I try to set the application pool Identity to a regular user account, IIS doesn’t recognize the user/password provided.
-
The folder C:\inetpub\ was set with full control to Everyone, but the users can’t connect anyway.
-
The folder C:\inetpub\ was set with full control to a specific user, but the user can’t connect anyway.
-
Following a recommendation from another post, the following section was added to the web.config :
<authorization>
<allow users="*"/>
</authorization>
The windows logs in the Event Viewer don’t store anything about a failed login.
i enabled Failed Request Tracing Rules, and create a rule
Path = *
Associated = all
Status codes = 200 - 999
time taken + 00:00:00
Entry type = local
and it was result
Module_set_response_error_status
ModuleName IIS Web Core
Notification : AUTHENTICATE_REQUEST
HttpStatus : 401
HttpReason : Unauthorized
ErrorCode : Access is denied (0x80070005)
