I am using IIS 7.5 and want to change a website from using anonymous authentication to basic authentication. I access the Authentication feature, disable anonymous authentication then enable basic authentication. When I access the website I get the following error
HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers. Module: IIS Web Core Notification: AuthenticateRequest Handler: StaticFile Error Code: 0x80070005 Requested URL: http://mywebsite.com:80/ Physical Path: \\myserver\myfolder Logon Method: Not yet determined Logon User: Not yet determined
I was expecting to get issued with a challenge (ask for username and password) but nothing, just the error.
Turning on failed request tracing I can see the following errors
MODULE_SET_RESPONSE_ERROR_STATUS ModuleName: IIS Web Core Notification: 2 HttpStatus: 401 HttpReason: Unauthorized HttpSubStatus: 2 ErrorCode: 2147942405 ConfigExceptionInfo: Notification: AUTHENTICATE_REQUEST ErrorCode: Access is denied. (0x80070005)
A couple of lines before this I guess the request is asking for anonymous access and is failing.
AUTH_REQUEST_AUTH_TYPE RequestAuthType: 1 RequestAuthType: Anonymous
What I'd like to know is why doesn't the server issue a challenge?
Looks like I had a problem in my
I added the following to the
<globalModules> ... <add name="BasicAuthenticationModule" image="%windir%\System32\inetsrv\authbas.dll" /> ... </globalModules>
And I added the following to the overall server
<location path="" overrideMode="Allow"> <system.webServer> ... <modules> ... <add name="BasicAuthenticationModule" lockItem="true" /> ... <modules> ... <system.webServer> ... <location path="" overrideMode="Allow">
... denotes other content in each of the sections, the important parts are the
<add /> sections
User contributions licensed under CC BY-SA 3.0