7

I find something related, but not same thing.

The error "Login failed for user 'NT AUTHORITY\IUSR'" in ASP.NET and SQL Server 2008

My issue is that the files are shared on the network, and I would like to debug from local IIS, I find that all static files seems to be access denied (401.3)

I have used the trace system, and find that the IIS is accessing the source using "NT AUTHORITY\IUSR" 

Url http://localhost:8451/umbraco_client/panel/images/panel_boxhead_h2_bg.gif 
App Pool Debug451 
Authentication anonymous 
User from token NT AUTHORITY\IUSR 
Activity ID

I have set the shared folder to be accessible to everyone, and changed the application pool's identity to domain administrator.

I have also tried to use 'Network Service' as identity and assign Domain\MachineName$ full access to the shared folder...

It looks to me that iis always using "NT AUTHORITY\IUSR" to access static resouce? If so, how can I give access on a shared folder to a local account? Or how can I force IIS to use some other identity?

update: as there are some new answer to this old question which I gave up at that time. I accentually have encounter this similar issue again recently on a server running windows 2008 R2, which I resolved, and I would like to give some update.

I resolve the issue this time by add read permission to $ComputerName/Users. This seems only an issue with server environment, and not sure if related to any group policy or similar kind. Hope this might help someone in future.

Community
  • 1
  • 1
ccppjava
  • 2,595
  • 3
  • 24
  • 30
  • I changed it to impersonal and authorization method to 'Windows', tried to input the domain admin's identity. Still gives me a 401.3, this time: User from token Domain\Administrator – ccppjava Aug 18 '10 at 10:59

5 Answers5

2

Once you have configured the user of the application pool to have access permission to the shared folder ( create a new user in windows and add it to the IUSER group, and add specifique access rights to the shared folder for that user), YOU HAVE TO change in IIS the Authentification settings: IIS->site that need access->Authentification settings -> anonymous authentification->edit->select aplication pool identity (instead of IUSER).

isa
  • 21
  • 2
0

this worked for me, thanks. Go to the Shared Folder –> right click –> properties -> security –>edit –> add (so far as usual ) -> choose object types –> check on computers –> now enter the computer name where your application is working from , where you published your application

user2233824
  • 1
  • thank you very much for answer the question, however, I am not able to validate your answer any more as I am not able to access the very environment anymore. – ccppjava May 03 '13 at 10:32
0

You can try $[computername]\IUSR > you'll want to use advanced search to look this one up in windows permissions.

Or... you can set up your shared folder as drive on IIS's local and access it that way. So [serverb]\share becomes mapped to a letter on server A and IIS accesses it that way.

RandomUs1r
  • 4,010
  • 1
  • 24
  • 44
0

Make sure you have enabled IIS to serve static content. I had this issue, too, and it drove me nuts until I figured that out.

In "Turn Windows Features on or off", go to "Internet Information Services > World Wide Web Services > Common HTTP Features > Static Content" (for Windows 7; you'll have to find the similar option in XP).

I don't know how much this will help, but also see Microsoft's documentation.

palswim
  • 11,856
  • 6
  • 53
  • 77
0

Set the identity of the application pool by going to advanced settings:

Remember to edit the Anonymous Authentication and either use the application pool identity or else specify a user account that has access to the resource you are wanting to access

Technology Smurf
  • 1
  • Please take into consideration the age of the question. There is no point in adding another answer when the author already stated that he cant access the server anymore – Gert Kommer Oct 26 '20 at 10:37