2

I have a asp mvc 2 web application that with forms authentication. It is working just fine on my Visual Studio Development Server but once I deploy my application to IIS 7 it give me a '401 - Unauthorized: Access is denied due to invalid credentials' error without going to my loginURL page.

In my Web Config

 <authentication mode="Forms"
  forms name=".MYUNIQUFORMSAUTH" loginUrl="/Login" requireSSL="false" timeout="20000"  /> 
<authentication/>

In IIS i also set the authentication to be Forms on my project and the cookie name matches name set in web.config file.

Project application pool is set to .NET 2.0 with Integrated Pipeline.

Improve this question

3 Answers 3

Reset to default
3

I had this problem and it was because the layout page had an Html.RenderAction to a controller that I hadn't applied an [AllowAnonymous] attribute to.

IIS Express let this slip through. IIS 7.0 was less forgiving.

(I'm following this pattern: http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I believe you need to enable the Anonymous Authentication in IIS besides Forms Authentication, so that a login form can be shown.

Improve this answer

Comments

0

You will need to either grant read permissions on the directory of your project directory for "IIS_IUSRS" or adjust your website in IIS to use pass through acccess scheme... p.s.below link for more info on this

http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.