Home All Groups Group Topic Archive Search About

2003/IIS6 Permissions maze.....

microsoft.public.inetserver.iis.security
Author
30 May 2009 7:36 PM
nntp.charter.net
When I create a new website on my 2003 Server/IIS 6 machine, I select the
option to allow anonymous access.  but, when I try and browse the site I get
a permissions issue (401.3 - not authorized).

When I check, Windows Authentication is set and IIS_USR does NOT have
permissions on the site.

The site's directory is not in the default directory path.  I am using a
directory path in my Dropbox directory to make updating my sites easier than
FTPing changes.  (Using Dropbox I should just be able to drag and drop them
in my local Dropbox and they should sync with the same directories on the
server automatically.)

Any ideas as to why I am having these permissions issues?

I will check back every 10 minutes or so as I really need to get this
figured out.

Thanks for your help.

Author
31 May 2009 11:28 AM
David Wang
Show quote Hide quote
On May 30, 12:36 pm, "nntp.charter.net" <some***@microsoft.com> wrote:
> When I create a new website on my 2003 Server/IIS 6 machine, I select the
> option to allow anonymous access.  but, when I try and browse the site I get
> a permissions issue (401.3 - not authorized).
>
> When I check, Windows Authentication is set and IIS_USR does NOT have
> permissions on the site.
>
> The site's directory is not in the default directory path.  I am using a
> directory path in my Dropbox directory to make updating my sites easier than
> FTPing changes.  (Using Dropbox I should just be able to drag and drop them
> in my local Dropbox and they should sync with the same directories on the
> server automatically.)
>
> Any ideas as to why I am having these permissions issues?
>
> I will check back every 10 minutes or so as I really need to get this
> figured out.
>
> Thanks for your help.


You are having permissions issues because you did not set things up
correctly..

The Create website wizard will select Windows Authentication by
default. Enabling Anonymous authentication just adds the option to the
website. So, what you observe is by-design.

IIS does not (and cannot) synchronize file ACLs to match the selected
authentication protocol for security reasons. This means that if you
enable Anonymous authentication, you need to ensure the files are
readable by the configured anonymous user, or else you will get 401.3.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



Post Other interesting topics
status code 200 logged in log file
Single Sign On Intranet Windows Username Authentication (ASP.NET)
IIS 6 AUX command - is it patched?
Certificate Options
Where to put my IIS WebServer ?
Help with HTTP 401.2 - Access is denied error
Securing virtual directories
Backing up an IIS server
View Contents of an old CRS file
Is Exchange 2003 OWA vulnerable to Security Advisory (971492) - We