Thursday, 10 March 2011

IIS7 & IIS Express 401 Access is denied due to invalid credentials Issue

I have been working on a large web application using MVC3, NHibernate using IIS Express to debug and IIS7 to stage. I'm using the membership services provided by ASP.NET to handle user authentication and provide security to the system. However I kept running across an issue, when accessing remotely, that was preventing me from logging in. Whenever I tried to view a page as a non logged in user I was returned a 404 Unauthorized error.



After searching around for a solution to why this was not displaying the correct page, even if it was redirecting to the login page I decided to try to set the error displaying to return more information. After adding <httpErrors errorMode="Details" /> to try and get a detail output from IIS the page started to work as expected.




With this option enabled the login page was now correctly displayed. This can be set without having to edit the web.config on IIS7 by editing the "Error Pages" features settings for your site in IIS. Set the Error Response to "Detailed errors"


8 comments:

  1. Thanks for this post! I ran into the same problem. This seems a little odd to me, have you figured out why MVC3 is exhibiting this behavior?

    ReplyDelete
  2. Figured out what is going on... this serverfault answer is the perfect explanation:

    http://serverfault.com/questions/137073/401-unauthorized-on-server-2008-r2-iis-7-5

    In my case, I had a logon page calling Html.RenderAction(), and that action had an [Authorization] attribute.

    Cheers.

    ReplyDelete
  3. Cheers for the update, I'll have to take a closer look I also have numerous Html.RenderAction() that properly implemnt the [Authorize] attribute.

    However I only noticed it since MVC3 RC, I don't think it was in either of the previous of the beta versions.

    ReplyDelete
  4. [...] bereits vor einiger Zeit von einem interessanten Problem geschrieben (bzw. hat er den Workaround hier gefunden) . Die Symptome des Fehlers [...]

    ReplyDelete
  5. thx alot, it help me alot..i try to figure this out for 6 days :(

    ReplyDelete
  6. [...] has already written about a very interesting problem a short time ago (he found the Workaround here). The symptoms of the error have been [...]

    ReplyDelete
  7. I can confirm that a path leading to an eventual [Authorize] attribute causes this - removing the RenderAction or allowing that action to render without [Authorize] fixes it.

    ReplyDelete