Collection of IIS configuration errors-you are not authorized to view this page

Source: Internet
Author: User
Tags metabase
Collection of IIS configuration errors-you are not authorized to view this page
HTTP error 401-you are not authorized to view this page

When configuring IIS, the security is slightly better. There will be a variety of problems. For example, a common webpage may pop up a login interface with a user name and password, or access a page such as HTML or ASP, but there is a problem when accessing JSP or PHP, display 401.3 ACL to prohibit access to resources.


Sometimes you are prompted to enter the user name and password. If this is the case, check whether the administrator password or IIS Anonymous Account password has been changed.


1. Error 401.1
Symptom: HTTP Error 401.1-unauthorized: access is denied due to invalid creden.
Analysis:
The user's anonymous access account (IUSR _ machine name by default) is disabled or has no permission to access the computer.
Solution:
(1) check whether the anonymous account set for site security in IIS manager is disabled. If yes, try the following methods to enable it:
Control Panel-> Administrative Tools-> Computer Management-> local users and groups, enable IUSR _ machine name account. If the problem persists, proceed to the next step.
(2) check whether the default anonymous access account of the site in the IIS manager or its group has the permission to access the server over the network in the Local Security Policy, if you have not attempted to grant permissions by following these steps:
Start-> Program-> Administrative Tools-> Local Security Policy-> local policy-> User permission assignment, double-click "Access this computer from network ", add default IIS users or their groups.
Note: Generally, custom IIS default anonymous access accounts belong to groups. To ensure security, follow this rule.

2. Error 401.2
Symptom: HTTP Error 401.2-unauthorized: access is denied due to server configuration.
Cause: Anonymous Authentication disabled
Solution:
Run inetmgr, choose site Properties> Directory Security> authentication and access control> enable Anonymous Access, enter the user name, or click browse to select a valid user, enter the password twice and then confirm.

3. Error Code 401.3
Symptom: HTTP Error 401.3-unauthorized: access to requested resources is denied due to ACL settings.
Cause: IIS Anonymous Users generally belong to the guests group, and we generally assign the permissions to store the website's hard disk only to the Administrators group. In this case, according to the inheritance principle, website folders can only be accessed by members of the Administrators group. As a result, the NTFS permission for anonymous IIS users to access this file is insufficient, and thus the page cannot be accessed.
Solution:
Grant the IIS Anonymous user the permission to access the website folder by entering the security option of the folder, adding the IIS Anonymous user, and granting the corresponding permission, generally reading and writing.
You are not authorized to view this page
You do not have the permission to view the directory or page by using the provided creden。, because the web browser is sending the WWW-Authenticate header field that the Web server is not configured to accept.

Please try the following operations:

If you think you should be able to view this directory or page, contact the website administrator.
Click Refresh and try again with other creden.
HTTP Error 401.2-unauthorized: access is denied due to server configuration.
Internet Information Service (IIS)

Technical Information (for technical support personnel)

Go to Microsoft Product Support and search for titles including "HTTP" and "401.
Open "IIS Help" (which can be accessed in the IIS Manager (inetmgr ), search for topics titled "about security", "authentication", and "about custom error messages.

As soon as the web directory is opened
Just change the name ~!
Dizzy ~ 1
Deleted the web directory.
You are playing

Or are you not authorized to view this page?
Change it /~!

IIS-specific problems

Right-click this folder in IIS and choose Properties> execute permission to select "script only ".

In IIS, your virtual directory, properties-> Directory Security-> edit authentication and Access Control

In website properties, click "Directory Security"-click "authentication and Access Control"-"edit"-remove the "enable Anonymous Access" hook.

Many of my friends have encountered many problems when using IIS6 websites. Some of these problems have been encountered in iis5 in the past, and some are new. I have been busy for one afternoon, I have done many experiments and made this conclusion based on my previous troubleshooting experience. I hope I can help you with this :)
Problem 1: parent path not enabled
Symptom example:
Server. mappath () Error 'asp 0175: 66661'
The path character is not allowed.
/0709/dqyllhsub/news/opendatabase. asp, row 4
The character '...' is not allowed in the path parameter of mappath '..'.
Cause analysis:
In many web pages, such .. /format Statement (that is, return to the previous page, that is, the parent path), and iis6.0 is disabled by default for security considerations.
Solution:
In IIS, choose Properties> Home directory> Configuration> options. Check "enable parent path. Confirm refresh.

Question 2: Improper web Extension Configuration of ASP (also applicable to ASP. NET and CGI)
Symptom example:
HTTP Error 404-file or directory not found.
Cause analysis:
In iis6.0, the web program extension option is added, in which you can.. net, CGI, IDC, and other programs are allowed or prohibited. By default, ASP and other programs are prohibited.
Solution:
Select Active Server Pages in the Web service extension in IIS and click "allow ".

Problem 3: Incorrect Identity Authentication Configuration
Symptom example:
HTTP Error 401.2-unauthorized: access is denied due to server configuration.
Cause Analysis: IIS supports the following Web authentication methods:
Anonymous Authentication
IIS creates an IUSR _ computer name account (where the computer name is the name of the server running IIS) to authenticate anonymous users when they request web content. This account grants the User Local logon permission. You can reset anonymous user access to any valid Windows account.
Basic Authentication
You can use basic authentication to restrict access to files on an NTFS-format web server. To use basic authentication, you must enter creden。 and access is based on the user ID. Both the user ID and password are sent between networks in plain text.
Windows integrated Authentication
Windows Integrated Identity Authentication is safer than basic identity authentication, and plays a role well in the Intranet environment where the user has a Windows domain account. In integrated Windows authentication, the browser attempts to use the creden used by the current user during domain login. If the attempt fails, the browser prompts the user to enter the user name and password. If you use integrated Windows authentication, your password will not be transferred to the server. If the user logs on to the local computer as a domain user, the user does not have to perform authentication again when accessing the network computer in this domain.
Digest Authentication
Abstract identity verification overcomes many disadvantages of basic identity authentication. When digest authentication is used, the password is not sent in plain text. In addition, you can use digest authentication on the proxy server. Digest authentication uses a challenge/response mechanism (integrated with the mechanism used for Windows Authentication), where the password is sent encrypted.
. NET Passport Authentication
Microsoft. NET Passport is a user authentication service that allows a single security check-in, making it safer for users to access. NET Passport-enabled web sites and services. Websites with. NET Passport enabled perform identity authentication on the central server of *. NET Passport. However, the central server does not authorize or deny specific users access to sites with. NET Passport enabled.
Solution:
Configure different identity authentication as needed (generally anonymous identity authentication, which is used by most sites ). The authentication option is configured under Properties> Security> authentication and access control of IIS.

Problem 4: Improper IP address restriction Configuration
Symptom example:
HTTP Error 403.6-Access prohibited: the client's IP address is denied.
Cause analysis:
IIS provides an IP address restriction mechanism. You can configure it to restrict a certain zhangp from accessing the site, or restrict that only some IP addresses can access the site, if the client is within the IP address range blocked by you, or is not within the permitted range, an error message is displayed.
Solution:
Go to IIS Properties> Security> IP address and domain name restrictions. If you want to restrict access from some IP addresses, You need to select authorized access. Click Add to select an IP address that is not allowed. Otherwise, only access from some IP addresses is allowed.

Question 5: the IUSR account is disabled
Symptom example:
HTTP Error 401.1-unauthorized: access is denied due to invalid creden.
Cause analysis:
Because the account used for anonymous access is the IUSR _ machine name, if this account is disabled, the user cannot access it.
Solution:
Control Panel-> Administrative Tools-> Computer Management-> local users and groups, enable IUSR _ machine name account.

Question 6: Improper NTFS permission settings
Symptom example:
HTTP Error 401.3-unauthorized: access to requested resources is denied due to ACL settings.
Cause analysis:
The Web Client user belongs to the user group. Therefore, if the NTFS permission of the file is insufficient (for example, the file has no read permission), the page cannot be accessed.
Solution:
Go to the Security tab of the folder and configure user permissions. At least read permissions are required. The NTFS permission settings are not described here.

Problem 7: the IWAM account is not synchronized
Symptom example:
HTTP 500-Internal Server Error
Cause analysis:
The IWAM account is a built-in account automatically created when IIS is installed. After the IWAM account is created, it is used by the Active Directory, IIS metabase database, and COM + applications. The account and password are respectively saved by the three parties, the operating system is responsible for synchronizing the IWAM password stored by the three parties. The system sometimes fails to synchronize the password of the IWAM account, resulting in inconsistent passwords used by the IWAM account.
Solution:
If ad exists, choose Start> program> Administrative Tools> Active Directory user and computer. Set a password for the IWAM account.
Run c: \ Inetpub \ adminscripts> adsutil set w3svc/wamuserpass + password to synchronize IIS metabase Database Password
Run cscript C :\\ Inetpub \ adminscripts \ synciwam. vbs-V to synchronize the password of the IWAM account in the COM + application

Problem 8: MIME settings make some types of files unable to be downloaded (take ISO as an example)
Symptom example:
HTTP Error 404-file or directory not found.
Cause analysis:
Iis6.0 canceled support for some MIME types, such as ISO, resulting in client download errors.
Solution:
In IIS, choose Properties> HTTP header> MIME type> New. In the subsequent dialog box, enter. ISO for the extension, and the MIME type is application.

In addition, factors such as firewall blocking, ODBC configuration errors, web server performance restrictions, and thread restrictions are also possible causes for IIS server access failure. Here we will not repeat them one by one.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.