"401 Unauthorized" on a directory
Solution 1
It is likely that you do not have the IUSR_computername permission on that folder. I've just had a quick scan and it looks like you will find the information you need here.
If that isn't the case, are you prompted for your username and password by the browser? If so it may be that IIS is configured to use Integrated authentication only, as described here.
Solution 2
- Open IIS and select site that is causing 401
- Select Authentication property in IIS Header
- Select Anonymous Authentication
- Right click on it, select Edit and choose Application pool identity
- Restart site and it should work
Solution 3
- Open IIS
select site where you are facing the problem
Select Below
- Right click on Anonymous Authentication and click on edit and follow below
Solution 4
You do not have permision to view this directory or page using the credentials that you supplied.
This happened despite the fact the user is already authenticated via Active Directory.
There can be many causes to Access Denied error, but if you think you’ve already configured everything correctly from your web application, there might be a little detail that’s forgotten. Make sure you give the proper permission to Authenticated Users to access your web application directory.
Here are the steps I took to solve this issue.
Right-click on the directory where the web application is stored and select Properties and click on Security tab.
Click on Click on Edit…, then Add… button. Type in Authenticated Users in the Enter the object names to select., then Add button. Type in Authenticated Users in the Enter the object names to select.
Click OK and you should see Authenticated Users as one of the user names. Give proper permissions on the Permissions for Authenticated Users box on the lower end if they’re not checked already.
Click OK twice to close the dialog box. It should take effect immediately, but if you want to be sure, you can restart IIS for your web application.
Refresh your browser and it should display the web page now.
Hope this helps!
Solution 5
You need to check the folder permissions on your server and check that the account that you are using to run your application has access to that folder.
Steven
Updated on October 03, 2020Comments
-
Steven over 3 years
I assume this is an IIS error, as this doesn't happen if I run the project on my local machine.
I have my stylesheets at
~/Content/css
Any files in that directory won't load on the page, and when I navigate to them directly, I get a server error:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
This only happens with that directory, I have no problem accessing any other files. Is there something I need to do in IIS7 to stop this?
-
nthapa over 9 yearsIt works but why? Can you explain a little bit more?
-
Johann over 9 yearsThis appears to work because, by default, the "specific user" for the anonymous authentication is IUSR, as mentioned in the accepted answer. However, the identity set on the application pool must have permissions to the entire website, or the site would not load. So while my IUSR account didn't have access (in fact, seems not to exist), the account the application pool is using does.
-
Serj Sagan over 8 yearsThis works, but what's confusing is that it used to work just fine for about 2 years and then today for no known reason it stopped working... your solution did fix it.
-
GIVE-ME-CHICKEN over 8 yearsSpent hours on this problem and no luck until i found this! I had a MVC 5 Web app that once published in release mode, and then loading the site on chrome, the content would load but the styles would not. The links are there and the paths where correct however they were all empty! This fix solved my problem.
-
Paul about 8 yearsin my case I just had to enable Anonymous authentication as it was disabled by default when application created
-
Ryan Shillington about 8 yearsIf you're using an application pool to manage your db/file system access, don't do this. Read on to see imanabidi's answer below.
-
Brian Gradin almost 8 yearsThis answer has saved my butt at least twice now.
-
Tommy Ivarsson almost 8 yearsThank you so much!
-
Oswaldo Zapata about 7 yearsAwesome!! thank you so much I was getting mixed up with this after looking for a solution all the day.
-
angularsen almost 7 yearsThis only works for me when I also explicitly add ACL read rights to said folders for
IIS APPPOOL\<name of app pool>
user in Windows. -
Josh over 6 yearsI didn't need to do step 5 (Restart site)
-
MorenajeRD over 6 yearsthanks, in my case i just added everyone with full control
-
Divya about 6 yearssupport.microsoft.com/kb/313075 - This page does not exists anymore. @m.edmondson
-
clarifier over 5 yearsI am facing this issue when I am locally running the site with out hosting in iis. can someone suggest the work around
-
mcheah over 4 yearsI had this issue too but this answer didn't solve it for me. I had to make sure that there was an "allow" rule under Authorization Rules - for all users. Previously there was nothing there.
-
Mark W. Mitchell over 3 yearsThis answer at least made me look at the Authentication status. Our site has Windows Authentication - and somehow that was disabled between releases. Toggling this to Enabled was our fix. This area has been one over the years where we have had to check the install roles and what is enabled/disabled - to make sure we have all the right authentications. Just do not usually need to look at it very often - years between needing to look.
-
faza about 3 yearsnice & perfect answer
-
BusinessAlchemist over 2 yearsThe latter link is unavailable either. It could be accessed here though: mskb.pkisolutions.com/kb/871179
-
Garr Godfrey over 2 yearsOf course, giving permission to IUSR would also work, but I like this solution better.