Fix:“401 – Unauthorized: Access is denied due to invalid credentials“ on ASP.NET MVC & IIS 7
There are a lot of different reasons for this error message for example the IIS process has no access for the files or the password of the account where the application runs is wrong. All in all: it is a not very clear defined error message. Martin has already written about a very interesting problem a short time ago (he found the Workaround here). The symptoms of the error have been this:
- Error message “401 – Unauthorized: Access is denied due to invalid credentials” from a remote machine
- Nothing special in the IIS Logs
- The site was shown correctly by the Remote Desktop localhost
What was wrong: If you turn the IIS Manager (IIS Manager -> Error Pages -> Edit Feature Settings) on Detailed Error the side works from outside as well without any kind of error messages. Mh?!
Beside the website was an ASP.NET MVC side but probably the problem would be the same with a regular ASP.NET. The page we want to see was the login page but that doesn’t work.
What about the detailed error settings?
You can change the settings at IIS Manager -> Error Pages and Edit Feature Settings (on the right side). The following is set as Default:
These settings effect that the detail-information’s of an error will be shown to the user if he comes through the localhost. Everyone else will see an unspecific site. At this page you can read more about the process. Most important part:
Now we are going to talk about the symptom: the site was shown correctly by the Remote Desktop localhost
What I recognized much later was that the site was shown correctly on the server but it was redeemed with Http Status 401. The “Response Body” consists of the Login site and because of this I didn’t recognized it before.
Like you can see on the process above: If the errorMode is set on “detailed” the Response Body will be rendered as error message. In my case the response body was the login page.
Why was the Status Code 401?
The main problem was: a “RenderAction()” on the Layout/Masterpage which leaned on an action where authentication was necessary. That’s what provoked the 401 error and for result it puts the login page into the body. Beside I do not know why this didn’t end up in a circle because the login site also uses the Layout.
If you receive this kind of error message you have to check up if there is an RenderAction producing an error if there’s something wrong on your login page.
Other advice: Take a look on the Statuscodes of the site with Firebug or anything else.
This advice was from an answer on Stackoverflow asked by a guy with the same problem.