I'm trying to test my ASP.Net website on localhost and I'm getting this error:
HTTP Error 401.3 - Unauthorized
You do not have permission to view this directory or page because of
the access control list (ACL) configuration or encryption settings for
this resource on the Web server.
I have the following users on the website application folder, with full read/write permissions:
- NETWORK SERVICE
- IIS_IUSRS
- SYSTEM
- Administrators
- Nathan (me)
What can I try to fix this?
IIS 7 also creates "IUSR" as default user to access files via IIS. So make user IUSR has read access to files/folders.
How to check if IUSR has read Access? Right Click -> Folder -> Properties -> Security Tab See if IUSR is in Group or user names list, If No.
Click Edit -> Add -> Advanced -> Find Now -> Select IUSR and click OK four times
Found this on another forum, so I cant take credit but i did it and it worked for me:
"Try changing the Anonymous authentication setting in IIS7:
Click on Authentication and click edit after choosing Anonymous Authentication. In the opening window select Application Pool identity and click OK. "
I had the same issue in IIS 7.5 on Windows Server 2008. For me, the following steps worked to fix the issue:
After I made this change, my 401.3 errors disappeared.
Are you using a login mechanism, or just anonymous auth?
If anonymous, go into IIS manager, in the Authentication icon, choose the Anonymous Auth name, then click the Edit button in Actions. Check which user is specified there and make sure it has permissions to the site files/folders.
If you have some form of login system, make sure that the user(s) you are logging in as have permissions to the files for the site, and make sure that the ID of the application pool you are running under has at least read access to the files.
By default, with IIS 7.5, the each Application Pool runs under its own "virtual identity". The App Pool's identity is are the credentials that are used to access the file system.
I'm not sure of the mechanics of it, but Microsoft did this to increase the security of the default install while alleviating the need to create service accounts in certain installation scenarios. Regardless, the upshot is you will have to identify this "virtual identity" account and grant it access to your directory, or change the App Pool's service account.
The App Pool virtual identities are named "IIS AppPool\", so if you are using the DefaultAppPool, its identity would be "IIS AppPool\DefaultAppPool".
See this article for more complete details.
Hi For Me on IIS 8 work : 1)Go on IIS virtual directory - 2)authentication - 3)Anonymous authentication - 4) set Application Pool Identity .
As none of the answers above helped me I thought I'd share how I solved this issue as I bumped into it on my local machine running win7 and IIS7.
Go to IIS7 -> Application Pools
Find the application pool of your site (in my case DefaultAppPool), right click and choose Advanced Options.
Find chapter Process Model and change the field Identity to a user you know for sure has access to the files in your website folder (in my case the local admin)
Answering to include info from the comments on the accepted answer.
In IIS 7.5 on Windows Server 2008r2, the IIS_IUSRS group is already included, but the separate IUSR group must still be added to permissions to allow for file access/download.
For more information on the differences in the accounts see Understanding Built-in User and Group Accounts in IIS.
Try this... Go to Computer Management (right click on my computer and select Manage) --> Local Users and Groups --> Users --> Select IUSR_MACHINENAME --> Right click Properties --> Make sure it is a member of IIS_WPG and users and not Guests.
I am working with Server 2008 R2 and the IUser account is not available in the list.
Try installing the client side of IIS using
aspnet_regiis -cand then reset IIS.