Re: Windows Authentication Access Denied Error

The second request is 401.3, indicating that IIS successfully
authenticated the user, but the user was later denied access by NTFS
ACL.

It confirms that the issue has nothing to do with IIS and is specific
to ACLs your application depends upon. There are no service
dependencies or special files/folders for Windows Authentication of
the sort that you are asking about.

I suggest starting by removing the web servers from your corporate
group policy, or at least apply different group policies for servers.
That is the source of your troubles, not IIS.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Dec 3, 4:42 am, L Nelson <LNel...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
When the user hits the website the first response is 401 2 2148074254
For myself, it then goes to 200 0 0 as a successful login
For the users who are failing, the second response is 401 3 5
At this point, a login prompt window pops up.  If the user enters their
login and password here, they get the access denied error and the entry in
the log is 401 1 0



"David Wang" wrote:
On Dec 2, 12:38 pm, L Nelson <L Nel...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
I have two  Windows 2003 servers hosting an ASP.NET site. Both servers are
using Windows Authentication.  Everything was working fine, but suddenly my
users are not able to access the dev site.  They are still able to access
prod fine.  When attempting to access the site they are getting a 401 "access
denied" error message.  I suspect that our company's automated lockdown
policies are causing the problem, but in order to have them configured so
they will not interfere I need to know all the services that the Windows
Authentication protocol uses, and also if there are any specific folders or
directories that the users need to have access to.  The lockdown policies
restrict access to anything and everything on C.  The web files and also the
SQL Server Express engine are installed to the E directory on the server.  I
am still able to access both sites, as I am also on the local admins group.  

It sounds like your question is more about the dependencies of your
specific web application, unrelated to IIS.

To be certain -- please check the IIS log entry for the requests which
result in "401 access denied" and make sure it is not 401.1 or 401.2.
http://blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_II...

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//- Hide quoted text -

- Show quoted text -
.

Relevant Pages

  • Re: IIS 5.0 Windows Authenticion/NT Challenge Response
    ... And so IIS returned 400, which says absolutely nothing about your question ... concerning authentication ... "Windows Authentication" works but not Basic or Anonymous. ... to auto-login to the web server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Help Required: Digest Authentication and Trusted environment
    ... This is not an IIS question. ... Directory Domains and Trusts MMC Snapin. ... I need to provide Digest Authentication at both the servers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Directory security - how do I log off a site
    ... This only applies to Basic authentication. ... Tom Kaminski IIS MVP ... "Bernard" wrote in message ... It uses Windows authentication to verify ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS metabase permissions when creating new VirDirs
    ... Are you on IIS 6.0? ... service manager and enable windows authentication - you then run it under ... the authenticated account. ... >> authentication and locking down the script with NTFS. ...
    (microsoft.public.inetserver.iis.security)
  • Re: reading network shared directory
    ... locally using windows authentication on the IIS application then your ... Try switching your IIS application security to basic, ... You can either set up delegation, or use basic authentication on your IIS ...
    (microsoft.public.dotnet.framework.aspnet.security)