I feel that at some point every administrator who has managed IIS has encountered this error. This is not the first time someone has written about this error, and the resolution is available, but I feel that the information is scattered in different places, so this blog is an attempt to present all of it in one place. Enough talking; let’s begin working.
First and Foremost: What is Anonymous Authentication in IIS 6.0?
As per Microsoft “Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a user name or password. By default, the IUSR_computername account is used to allow anonymous access.”
OK, so why do I get this error in the first place?
From a blog written by David Wang:
A common misconception by users: “If I enabled anonymous access in IIS, everything should work and I should never see Access Denied.”
As David Wang has written: “As for enabling anonymous authentication in IIS - this merely tells IIS to automatically log in with a pre-configured user identity to execute the request, regardless of authentication attempted. There is no special Windows account that magically passes access checks and has access to everything. In fact, the user identity used for anonymous access can be the target of allow/deny ACLs, just like any other Windows user, so it is still possible to see "Access Denied" when you have anonymous authentication enabled.”
So, the most common cause of HTTP 401.1 with Anonymous Authentication is that the anonymous user credentials stored in the IIS metabase configuration file have a different password than the user principal's actual credentials (i.e. a mismatched password). This happens because, by default, the sub-authentication component, Iissuba.dll, is not enabled in IIS 6.0. In earlier versions, Iissuba.dll allowed IIS to manage passwords on anonymous accounts, which created a potential security risk.
Besides the above, the other causes that I am aware of are as follows:
- Anonymous user principal in IIS doesn’t have login rights to the system.
- Anonymous user principal in IIS is configured to deny access to the system during specific hours.
- Anonymous user principal in IIS is locked.
- Security Event Logs are full.
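One way to tell these causes apart from the server's own logs, as an added example that is not part of the original post: it assumes W3C extended logging with the sc-substatus and sc-win32-status fields enabled, maps standard Win32 logon error codes to the causes listed above, and runs on a constructed sample log. The full Security event log case is left unmapped, since no status code is assumed for it.

```python
from collections import Counter

# Win32 logon error codes (winerror.h) mapped to the causes listed above.
CAUSES = {
    1326: "bad password or unknown user (metabase password mismatch)",
    1385: "logon type not granted (account lacks logon rights)",
    1328: "logon outside permitted hours",
    1909: "account locked out",
}

# Constructed sample in IIS 6.0 W3C format; not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2009-03-01 10:00:01 GET /default.htm - 192.0.2.10 401 1 1326
2009-03-01 10:00:05 GET /default.htm - 192.0.2.11 401 1 1326
2009-03-01 10:02:40 GET /images/logo.gif - 192.0.2.10 401 1 1909
2009-03-01 10:03:00 GET /secure/report.asp - 192.0.2.12 401 2 5
2009-03-01 10:04:12 GET /default.htm - 192.0.2.10 200 0 0
2009-03-01 10:05:30 GET /default.htm - 192.0.2.13 401 1 1328
"""

def classify_401_1(log_text):
    """Count 401.1 responses per likely cause; column order comes from #Fields."""
    fields, counts = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # header can reappear after a restart
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get("sc-status") != "401" or row.get("sc-substatus") != "1":
            continue                    # only 401.1 (logon failed) is of interest
        code = row.get("sc-win32-status", "")
        if not code.isdigit():
            cause = "no sc-win32-status logged"
        else:
            cause = CAUSES.get(int(code), "unmapped Win32 status " + code)
        counts[cause] += 1
    return dict(counts)

if __name__ == "__main__":
    for cause, n in sorted(classify_401_1(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {cause}")
```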
Looking for a solution to the above? Please see my blog post Troubleshooting: “HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials” when website is configured to use Anonymous Authentication in IIS 6.0 with default IUSR account.