HTTP Error 401.1 - Unauthorized from Local IIS

Question

I have created site on my local machine that works fine on debug mode but when i put the site on local iis (7.5) of my machine i get

HTTP Error 401.1 - Unauthorized

Answer 1

As a quick and dirty fix, grant the IIS_IUSRS group Read/Execute or Modify permissions to your web folder... BUT DON'T DO THIS ON AN INTERNET FACING SERVER, read on....

To fix this properly you should grant the Application Pool Identity for your site Read/Execute or Modify permissions to your application's web folder. To do this:

1. Open IIS Manager, navigate to your website or application folder where the site is deployed to.
2. Open Advanced Settings (it's on the right hand Actions pane).
3. Note down the Application Pool name then close this window
4. Double click on the Authentication icon to open the authentication settings
5. Disable Windows Authentication
6. Right click on Anonymous Authentication and click Edit
7. Choose the Application pool identity radio button the click OK
8. Select the Application Pools node from IIS manager tree on left and select the Application Pool name you noted down in step 3
9. Right click and select Advanced Settings
10. Expand the Process Model settings and choose ApplicationPoolIdentity from the "Built-in account" drop down list then click OK.
11. Click OK again to save and dismiss the Application Pool advanced settings page
12. Open an Administrator command line (right click on the CMD icon and select "Run As Administrator". It'll be somewhere on your start menu, probably under Accessories.
13. Run the following command:

icacls <path_to_site> /grant "IIS APPPOOL\<app_pool_name>"(CI)(OI)(M)

For example:

icacls C:\inetpub\wwwroot\mysite\ /grant "IIS APPPOOL\DEFAULTAPPPOOL":(CI)(OI)(M)

If all is good icacls.exe will report:

processed file: c:\inetpub\wwwroot\mysite
Successfully processed 1 files; Failed processing 0 files

Answer 2

i also had the same issue. i simply remove the application. created a new floder and hosted it again. problem solved.

Answer 3

Somewhat late in coming, but an alternative that I sometimes forget is time difference. In a domain environment, run "Net Time /SET" to synchronise with the AD Box.

Additional Reading:

For all of this to work and to ensure security, the domain controllers and clients must have the same time. Windows operating systems include the Time Service tool (W32Time service). Kerberos authentication will work if the time interval between the relevant computers is within the maximum enabled time parameters. The default is five minutes. You can also turn off the Time Service tool and install a third-party time service. Of course, if you have problems authenticating, you should make sure that the time is correct for the domain controllers and the client that is experiencing the problem. (Source: https://sourcedaddy.com/windows-7/server-authentication.html)

Heavier Reading:

.... In addition, IT professionals should understand how Windows Time Service works because Kerberos security is highly dependent on time services. .... (Source: https://redmondmag.com/articles/2012/02/01/understanding-the-essentials-of-the-kerberos-protocol.aspx )

Answer 4

In my case this had nothing to do with permissions. This is the "loopback check" protection. The problem was because I was connecting from the local machine that had the IIS.

Symptoms are: You connect and you get a browser prompt to insert credentials 3 times, then an HTTP 401.1 error.

Testing from a different computer works well.

Some sites will tell you to disable the "loopback check", but instead you have to add the FQDN domain you're connecting to to a whitelist, as described in this serverfault response:

https://serverfault.com/a/485011/415362