Basic Authentication doesn't display login box


I am using IIS 7.5 and want to change a website from using anonymous authentication to basic authentication. I access the Authentication feature, disable anonymous authentication then enable basic authentication. When I access the website I get the following error

HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Module: IIS Web Core
Notification: AuthenticateRequest
Handler: StaticFile
Error Code: 0x80070005
Requested URL:
Physical Path: \\myserver\myfolder
Logon Method: Not yet determined
Logon User: Not yet determined

I was expecting to get issued with a challenge (ask for username and password) but nothing, just the error.

Turning on failed request tracing I can see the following errors

ModuleName: IIS Web Core 
Notification: 2 
HttpStatus: 401 
HttpReason: Unauthorized 
HttpSubStatus: 2 
ErrorCode: 2147942405 
ErrorCode: Access is denied. (0x80070005)

A couple of lines before this I guess the request is asking for anonymous access and is failing.

RequestAuthType: 1
RequestAuthType: Anonymous

What I'd like to know is why doesn't the server issue a challenge?

asked on Server Fault May 17, 2013 by Kevin Brydon

1 Answer


Looks like I had a problem in my applicationHost.config.

I added the following to the <globalModules> section

    <add name="BasicAuthenticationModule" image="%windir%\System32\inetsrv\authbas.dll" />

And I added the following to the overall server <system.webserver> section

<location path="" overrideMode="Allow">
            <add name="BasicAuthenticationModule" lockItem="true" />
<location path="" overrideMode="Allow">

the ... denotes other content in each of the sections, the important parts are the <add /> sections

answered on Server Fault May 20, 2013 by Kevin Brydon

User contributions licensed under CC BY-SA 3.0