401 - Unauthorized On Server 2008 R2 IIS 7.5

Solution 1:

Sometimes you have to take a step back... The cause of this was I had a Html.RenderAction() in my view that called an action method that was marked with the [Authorize] attribute.

Solution 2:

Since it works locally but not remotely, it sounds to me like the anonymous user account doesn't have access to something, but your windows user does. To prove this, turn off Windows Authentication for the website and see if it breaks locally.

Whatever is breaking is likely running as your website identity instead of your app pool identity, otherwise it would break locally and remotely. My recommendation if you have 1 to 1 mappings of sites to app pools, or you have a highly trusted environment, is to set the anonymous user account to use the app pool identity. Then you don't need to worry about a 2nd user to maintain.

You mentioned process explorer. That's good for finding running info, but the tool that will likely uncover access denied errors is processmon (also from sysinternals). Try it, repro and capture, then search for the word 'denied'. It should turn up any access denied issues on disk.


Solution 3:

For some reason this fixed my issue.

  1. Click site in IIS.
  2. Double click authentication
  3. Right click and pick Advanced settings
  4. De-select "Enable Kernel-mode authentication"

Solution 4:

You will have this same behavior when you have a filter for custom authorization that inherits from AuthorizeAttribute and one or more calls to OnAuthorization method , with one of them setting AuthorizationContext.Result to `HttpUnauthorizedResult'


Solution 5:

Did you check the settings under Authorization rules? If anyone can access this page (which seems to be your goal) make sure that you have an "Allow" rule that has "All Users" under the users column.

Then in "Authentication" make sure there are no conflicts and only Anonymous Authentication is enabled.

Hope that helps.