Databases
StackOverflow2013
Postsdbo
POTroubleshooting a 401 Unauthorized error IIS 7.5
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POTroubleshooting a 401 Unauthorized error IIS 7.5
    text
    copied!<p>I have a webapp which is a .NET 4, webforms app running on IIS 7.5 on Server 2008. Recently and apparently sporadically users trying to use the app on a mac are being presented with an error page stating: </p> <p>401 Unauthorized - Access is denied due to invalid credentials. You do not have the permission to view this directory using the credentials that you supplied.</p> <p>The page doesn't provide any further information or substatus codes. I have checked the IIS error logs for more information and have found that this issue does seem to be unique to users on a mac most commonly Safari but it does also happen on other browsers such as Firefox. Again no substatus code is provided in these logs.</p> <p>The error message provided seems to be consistent with a 401.1 however I am using forms authentication and not windows authentication. I have been unable to reproduce this myself and at the moment it apparently happens at random for users and not consistently after a set of specific steps.</p> <p>This error occurs when users are in the app or trying to log in, I do not think it is related to them entering invalid credentials as I have validation to handle that and it can happen to users already logged into the app.</p> <p>As I can't reproduce the error I am not sure how to approach solving this problem, I would like some guidance to this regard and any solutions or ideas that you guys can come up with. If more information is needed let me know and I can update the question.</p> <p>EDIT:</p> <p>I had an idea that maybe some configuration on a mac was causing a WWW-Authenticate header to be sent when it isn't required, but after using TamerData to add the header I found I still couldn't replicate the issue. All authentication in IIS is disabled with the exception of anonymous and forms.</p> <p>EDIT 2:</p> <p>I have now been able to successfully reproduce the issue, it occurs when an unauthenticated user attempts to access a protected page with a ?ReturnUrl=value parameter. This will cause IIS to display the error page described above. I can fix this behaviour by removing the ReturnUrl parameter on any unauthenticated attempts to access a protected page and redirect the user to the login page in Begin_Request.</p> <p>However this issue has been reported most commonly on a page which is redirected to immediately <strong>after</strong> a user has just logged in. So for some reason the user is still being sent a 401 error when they are in fact authenticated. Any idea why this would be?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload