A frequent question in debate forums is how to debug 401 errors. Here I try to shortly provide some guidance – hoping that it will help you. Please note that this guide assumes you are not using forms authentication – ‘cause that’s a whole other ball game:-)
Step 1: Find out which user the actual windows process is running under
Like any other app, your asp.net website will be ran by a normal Windows process, and like all other process some user is running it. The first step therefore is to locate the actual user who’s running your app since there’s good chance that this user does not have the necessary authorizations.
The flow chart to the left describes how to find out schematically.
Step 2: Determine which user rights applies to your asp.net website folders and files
Open your physical website folder. In IIS this path can be found on the “Virtual Directory” tab in the “Local path” text box.
If your path is in a sub directory to e.g. a Visual Studio folder such as C:\Documents and Settings\mhm\My Documents\Visual Studio 2005\WebSites\WebSite1 the default security permissions would be:
- Administrators have full access
- You (or the currently loged in user) have full access
- SYSTEM user has full access
Other users have no rights. You can check this by right clicking your folder, select properties, and select “Security” tab. To add a user click “Add…”. Type in the name of the user you wish to add and click “Check names” – if the user you typed in exists, it will be underlined. Now you can click OK button, and the user will be added to the list. To ensure that the files in your folder have inherited the new right, please check a couple of files in the folder.
The authorized user must have sufficient rights in your website folder! This is why it is so important that you know which user is running your process.
Now, what are sufficient rights then? At least it is reading rights. If you perform other I/O operations, additional rights will be necessary. If you perform serialization, writing rights would be needed to c:\windows\temp folder as well. DB access rights could be necessary etc. In general, aim for the lowest level of rights.
Tip! Instead of executing your website from some “Program Files” folder or Visual Studio projects folder, you can copy your website folder to the c:\inetpub\wwwroot directory. It should then inherit the parent folder’s (wwwroot) security setup which is targeted directly at iis websites and will therefore often be sufficient.
Please check-out this as well.