IIS 7.5 (Windows 7) - HTTP Error 401.3 - Unauthorized
IIS 7 also creates "IUSR" as default user to access files via IIS. So make user IUSR has read access to files/folders.
How to check if IUSR has read Access? Right Click -> Folder -> Properties -> Security Tab See if IUSR is in Group or user names list, If No.
Click Edit -> Add -> Advanced -> Find Now -> Select IUSR and click OK four times
Found this on another forum, so I cant take credit but i did it and it worked for me:
"Try changing the Anonymous authentication setting in IIS7:
Click on Authentication and click edit after choosing Anonymous Authentication. In the opening window select Application Pool identity and click OK. "
I had the same issue in IIS 7.5 on Windows Server 2008. For me, the following steps worked to fix the issue:
- Open IIS Manager
- Click the website you want to edit
- Double-click Authentication
- Click Anonymous Authentication, then click Edit... under Actions
- Change to use the Application pool identity credentials instead of the Specific user (mine was IUSR)
After I made this change, my 401.3 errors disappeared.
Are you using a login mechanism, or just anonymous auth?
If anonymous, go into IIS manager, in the Authentication icon, choose the Anonymous Auth name, then click the Edit button in Actions. Check which user is specified there and make sure it has permissions to the site files/folders.
If you have some form of login system, make sure that the user(s) you are logging in as have permissions to the files for the site, and make sure that the ID of the application pool you are running under has at least read access to the files.
By default, with IIS 7.5, the each Application Pool runs under its own "virtual identity". The App Pool's identity is are the credentials that are used to access the file system.
I'm not sure of the mechanics of it, but Microsoft did this to increase the security of the default install while alleviating the need to create service accounts in certain installation scenarios. Regardless, the upshot is you will have to identify this "virtual identity" account and grant it access to your directory, or change the App Pool's service account.
The App Pool virtual identities are named "IIS AppPool\", so if you are using the DefaultAppPool, its identity would be "IIS AppPool\DefaultAppPool".
See this article for more complete details.