I have been working on a large web application using MVC3, NHibernate using IIS Express to debug and IIS7 to stage. I’m using the membership services provided by ASP.NET to handle user authentication and provide security to the system. However I kept running across an issue, when accessing remotely, that was preventing me from logging in. Whenever I tried to view a page as a non logged in user I was returned a 404 Unauthorized error.
401 - Unauthorized: Access is denied due to invalid credentials.
After searching around for a solution to why this was not displaying the correct page, even if it was redirecting to the login page I decided to try to set the error displaying to return more information. After adding <httpErrors errorMode=”Details” /> to try and get a detail output from IIS the page started to work as expected.
With this option enabled the login page was now correctly displayed. This can be set without having to edit the web.config on IIS7 by editing the “Error Pages” features settings for your site in IIS. Set the Error Response to “Detailed errors”
Related Reading
 
|
|
Thanks for this post! I ran into the same problem. This seems a little odd to me, have you figured out why MVC3 is exhibiting this behavior?
Figured out what is going on… this serverfault answer is the perfect explanation:
http://serverfault.com/questions/137073/401-unauthorized-on-server-2008-r2-iis-7-5
In my case, I had a logon page calling Html.RenderAction(), and that action had an [Authorization] attribute.
Cheers.
Sorry… [Authorize]
Cheers for the update, I’ll have to take a closer look I also have numerous Html.RenderAction() that properly implemnt the [Authorize] attribute.
However I only noticed it since MVC3 RC, I don’t think it was in either of the previous of the beta versions.
Pingback: Fix: “401 – Unauthorized: Access is denied due to invalid credentials” bei ASP.NET MVC & IIS 7 | Code-Inside Blog
thx alot, it help me alot..i try to figure this out for 6 days
Pingback: Fix:“401 – Unauthorized: Access is denied due to invalid credentials“ on ASP.NET MVC & IIS 7 | Code-Inside Blog International
I can confirm that a path leading to an eventual [Authorize] attribute causes this – removing the RenderAction or allowing that action to render without [Authorize] fixes it.