"401 Unauthorized" on a directory

asp.net asp.net-mvc iis iis-7

150,228

Solution 1

It is likely that you do not have the IUSR_computername permission on that folder. I've just had a quick scan and it looks like you will find the information you need here.

If that isn't the case, are you prompted for your username and password by the browser? If so it may be that IIS is configured to use Integrated authentication only, as described here.

Solution 2

Open IIS and select site that is causing 401
Select Authentication property in IIS Header
Select Anonymous Authentication
Right click on it, select Edit and choose Application pool identity
Restart site and it should work

Solution 3

Open IIS
select site where you are facing the problem
Select Below

- Right click on Anonymous Authentication and click on edit and follow below

Solution 4

You do not have permision to view this directory or page using the credentials that you supplied.

This happened despite the fact the user is already authenticated via Active Directory.

There can be many causes to Access Denied error, but if you think you’ve already configured everything correctly from your web application, there might be a little detail that’s forgotten. Make sure you give the proper permission to Authenticated Users to access your web application directory.

Here are the steps I took to solve this issue.

Right-click on the directory where the web application is stored and select Properties and click on Security tab.
Click on Click on Edit…, then Add… button. Type in Authenticated Users in the Enter the object names to select., then Add button. Type in Authenticated Users in the Enter the object names to select.
Click OK and you should see Authenticated Users as one of the user names. Give proper permissions on the Permissions for Authenticated Users box on the lower end if they’re not checked already.
Click OK twice to close the dialog box. It should take effect immediately, but if you want to be sure, you can restart IIS for your web application.

Refresh your browser and it should display the web page now.

Hope this helps!

Solution 5

You need to check the folder permissions on your server and check that the account that you are using to run your application has access to that folder.

View more solutions

150,228

Author by

Steven

Updated on October 03, 2020

Comments

Steven over 3 years

I assume this is an IIS error, as this doesn't happen if I run the project on my local machine.

I have my stylesheets at ~/Content/css

Any files in that directory won't load on the page, and when I navigate to them directly, I get a server error:

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

This only happens with that directory, I have no problem accessing any other files. Is there something I need to do in IIS7 to stop this?
nthapa over 9 years

It works but why? Can you explain a little bit more?
Johann over 9 years

This appears to work because, by default, the "specific user" for the anonymous authentication is IUSR, as mentioned in the accepted answer. However, the identity set on the application pool must have permissions to the entire website, or the site would not load. So while my IUSR account didn't have access (in fact, seems not to exist), the account the application pool is using does.
Serj Sagan over 8 years

This works, but what's confusing is that it used to work just fine for about 2 years and then today for no known reason it stopped working... your solution did fix it.
GIVE-ME-CHICKEN over 8 years

Spent hours on this problem and no luck until i found this! I had a MVC 5 Web app that once published in release mode, and then loading the site on chrome, the content would load but the styles would not. The links are there and the paths where correct however they were all empty! This fix solved my problem.
Paul about 8 years

in my case I just had to enable Anonymous authentication as it was disabled by default when application created
Ryan Shillington about 8 years

If you're using an application pool to manage your db/file system access, don't do this. Read on to see imanabidi's answer below.
Brian Gradin almost 8 years

This answer has saved my butt at least twice now.
Tommy Ivarsson almost 8 years

Thank you so much!
Oswaldo Zapata about 7 years

Awesome!! thank you so much I was getting mixed up with this after looking for a solution all the day.
angularsen almost 7 years

This only works for me when I also explicitly add ACL read rights to said folders for IIS APPPOOL\<name of app pool> user in Windows.
Josh over 6 years

I didn't need to do step 5 (Restart site)
MorenajeRD over 6 years

thanks, in my case i just added everyone with full control
Divya about 6 years

support.microsoft.com/kb/313075 - This page does not exists anymore. @m.edmondson
clarifier over 5 years

I am facing this issue when I am locally running the site with out hosting in iis. can someone suggest the work around
mcheah over 4 years

I had this issue too but this answer didn't solve it for me. I had to make sure that there was an "allow" rule under Authorization Rules - for all users. Previously there was nothing there.
Mark W. Mitchell over 3 years

This answer at least made me look at the Authentication status. Our site has Windows Authentication - and somehow that was disabled between releases. Toggling this to Enabled was our fix. This area has been one over the years where we have had to check the install roles and what is enabled/disabled - to make sure we have all the right authentications. Just do not usually need to look at it very often - years between needing to look.
faza about 3 years

nice & perfect answer
BusinessAlchemist over 2 years

The latter link is unavailable either. It could be accessed here though: mskb.pkisolutions.com/kb/871179
Garr Godfrey over 2 years

Of course, giving permission to IUSR would also work, but I like this solution better.