Удаленный сервер возвратил ошибку 401 несанкционированный iis

I am attempting to deploy a web application to IIS 10 on Windows Server 2019. I have a PowerShell script that executes the MsDeploy.exe command using basic authentication. The username and password is provided in the query string POSTed to the web server for the deployment. After a little playing around, I was able to replicate the problem using a simple command in the regular Windows command prompt:

"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -setParamFile:C:\...\Deploy.ContinuousIntegration.xml -source:package=C:\...\Web.zip -dest:auto,computerName=https://hostname:8172/msdeploy.axd?site=,username=DeployUser,password=DeployPassword,authtype=Basic,includeAcls=False -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -allowUntrusted -enableRule:AppOffline -enableRule:EncryptWebConfig

The same command formatted for better readability:

"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" ^
    -setParamFile:C:\...\Deploy.ContinuousIntegration.xml ^
    -source:package=C:\...\Web.zip ^
    -dest:auto,computerName=https://hostname:8172/msdeploy.axd?site=,username=DeployUser,password=DeployPassword,authtype=Basic,includeAcls=False ^
    -verb:sync ^
    -disableLink:AppPoolExtension ^
    -disableLink:ContentExtension ^
    -disableLink:CertificateExtension ^
    -allowUntrusted ^
    -enableRule:AppOffline ^
    -enableRule:EncryptWebConfig

Running the command above returns this response:

Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the remote computer («hostname») using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.\
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.

I attempted to use a non-administrative user created in IIS, not Windows.

Process Used to Create IIS User

  1. Open Internet Information Services Manager
  2. Chose the hostname for the server
  3. Opened «Management Service»
  4. Set «Identity Credentials» to «Windows credentials or IIS Manager credentials»
  5. Left everything else as the default value and started the Web Deploy service (which started successfully)
  6. Opened «IIS Manager Users» under the same hostname.
  7. Added a new user with a password (the password only contains letters and numbers).
  8. Opened «IIS Manager Permissions» under «Default Web Site» for the same hostname
  9. Allowed the user I previously created in «IIS Manager Users» (Level: Site)

I used a parameter file for MsDeploy, the contents of which are below:

<parameters>
    <setParameter name="IIS Web Application Name" value="Default Web Site/Folder" />
</parameters>

I even tried changing the computerName parameter to wmsvc as suggested in this answer, but I still got the same error.

Any idea how to fix the «unauthorized» error?

In my previous post, you learned how to troubleshoot HTTP Error 503. Today, we will look into how to troubleshoot 401 – Unauthorized: Access is denied due to invalid credentials in Internet Information Services (IIS).

Contents

  1. 401 – Unauthorized
  2. How IIS authentication works
  3. Cause of error
  4. Debugging the error
  5. Resolving the error
  6. Common 401 substatus codes
  7. Conclusion
  • Author
  • Recent Posts

Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows servers, Active directory, PowerShell, web servers, networking, Linux, virtualization, and Kubernetes. He loves writing for his blog.

401 – Unauthorized

401 Unauthorized Access is denied due to invalid credentials

401 Unauthorized Access is denied due to invalid credentials

The 401 – Unauthorized: Access is denied due to invalid credentials error is a common access-related error that you may experience with a website hosted on IIS.

How IIS authentication works

The error itself indicates that it is caused by a failure to authorize access. Someone who is a beginner in IIS could find the error description «you do not have permission to view this directory or page using the credentials that you supplied» slightly confusing. If you think from an end user’s perspective, you might be wondering when you supplied any credentials while accessing the website. Well, this happened automatically on the server side. By default, every website hosted on IIS has anonymous authentication enabled.

If you open the IIS Manager, select your website, and then double-click Authentication under the IIS section in the Features view, you will see the various authentication modes (such as basic authentication, forms authentication, anonymous authentication, etc.) that are supported by IIS.

Viewing various authentication modes supported by a website in IIS

Viewing various authentication modes supported by a website in IIS

Each website has to have at least one authentication mode enabled and, by default, Anonymous Authentication mode enabled. Authentication is a mechanism that is used to verify the visitor’s identity to your website. See the following screenshot for reference:

Default authentication modes supported by a website in IIS

Default authentication modes supported by a website in IIS

Anonymous authentication allows visitors to access the public content of your website anonymously without having to supply any credentials. If you don’t want to use it, select the authentication mode, and then click Disable in the Actions pane on the right. To view or modify which credentials are used by anonymous authentication, click the Edit link on the right. You will see two options, as shown in the following screenshot:

View or modify the credentials used by anonymous authentication in IIS

View or modify the credentials used by anonymous authentication in IIS

By default, each website is set to use the IUSR user for anonymous user identity, which is a built-in account starting with IIS version 7. If you are using a custom username as the application pool identity, make sure you select the application pool identity option here. This way, you don’t have to worry about updating the user’s password in the website configuration over and over when the user’s password is changed.

Cause of error

The primary cause of the 401 – Unauthorized: Access is denied due to invalid credentials error is that you are using a custom username as the application pool identity. In simple terms, when you set the application pool to use a custom application pool identity (a custom username and password) rather than the default identity (which is ApplicationPoolIdentity), the Anonymous Authentication mode of the website continues using the IUSR user for authentication, which results in this error.

Debugging the error

As discussed in previous posts, the error page we saw above is a custom error page and does not reveal much helpful information for administrators. If you enable the detailed errors, you will see an error page with much detailed information, as shown in the following screenshot:

Error message 401.3 – You do not have permission to view this directory or page using the credentials you supplied (acc

Error message 401.3 – You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists)

The detailed error gave you the HTTP 401.3 status code, which will guide you in checking the access control permissions on the file system. Make sure that the user who is set as the application pool identity has the read and execute permissions on the website’s root directory. If the error persists, the most likely cause is incorrect anonymous user identity. The following screenshot shows the problematic scenario:

Mismatched application pool identity and anonymous authentication identity user in IIS

Mismatched application pool identity and anonymous authentication identity user in IIS

The screenshot shows a mismatched application pool identity and anonymous authentication identity on the website, which is causing the error. For a website to work properly, both should be the same.

Resolving the error

Now that you know the cause of the HTTP 401.3 status code, do the following to fix the error:

If you are using a custom username as the application pool identity, make sure that the user has read and execute permissions on the website’s root directory.

Ensuring that the custom application pool user has read and execute permissions on the root directory

Ensuring that the custom application pool user has read and execute permissions on the root directory

If you’re using the default ApplicationPoolIdentity for your application pool, make sure that the built-in IUSR user or IIS_IUSRS group has exactly the same permissions as shown in the screenshot below.

Ensuring that the default application pool identity has read and execute permissions on the root directory

Ensuring that the default application pool identity has read and execute permissions on the root directory

If the error persists, edit the Anonymous Authentication setting of your website, as explained in the How IIS authentication works section. Be sure it is set to use the Application pool identity. See the following screenshot for reference:

Modifying the anonymous authentication identity to match the application pool identity in IIS

Modifying the anonymous authentication identity to match the application pool identity in IIS

Common 401 substatus codes

The following table covers the most common HTTP 401 substatus codes, along with their possible causes and troubleshooting advice:

Subscribe to 4sysops newsletter!

Status Code Possible Cause Troubleshooting Advice
401.1 Logon failed The logon attempt failed, probably due to an invalid user name or password.
401.2 Logon failed due to server configuration The 401.2 status code indicates that there is a problem in the authentication configuration on the server.
401.3 Unauthorized due to ACL on resource We covered how to fix this error above.

Conclusion

I hope you’re enjoying this series of resolving common HTTP errors. In the next post, we will discuss how to fix the HTTP Error 403.14 – Forbidden error.

I am extracting gmail contacts using opencontactsnet. I get The remote server returned an error: (401) Unauthorized. when executing this line

HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Net;
using System.Web.UI;
using System.Web.UI.WebControls;
using OpenContactsNet;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        GmailExtract gm = new GmailExtract();
        NetworkCredential nw = new NetworkCredential("chendur.pandiya","**");
        MailContactList mc;
        if (gm.Extract(nw, out mc))
        {

        }
        else
        {

        }
     }
}

Here is the complete GmailExtract class,

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text;
using Utilities.Web;

namespace OpenContactsNet
{
    public class GmailExtract : IMailContactExtract
    {
        private const string ContinueUrl = "http://mail.google.com/mail?ui=html&amp;zy=l";
        private const string ExportUrl = "https://mail.google.com/mail/contacts/data/export?exportType=ALL&groupToExport=&out=GMAIL_CSV";
        private const string LoginRefererUrl = "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2";
        private const string LoginUrl = "https://www.google.com/accounts/ServiceLoginAuth?service=mail";
        private const string UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.0.3705; .NET CLR 3.0.04506.30)";

        #region IMailContactExtract Members

        public bool Extract( NetworkCredential credential, out MailContactList list )
        {
            bool result = false;
            list = new MailContactList();

            try
            {
                CookieCollection cookies = new CookieCollection();

                // Prepare login form data
                HttpValueCollection loginFormValues = new HttpValueCollection();
                loginFormValues[ "ltmpl" ] = "default";
                loginFormValues[ "ltmplcache" ] = "2";
                loginFormValues[ "continue" ] = ContinueUrl;
                loginFormValues[ "service" ] = "mail";
                loginFormValues[ "rm" ] = "false";
                loginFormValues[ "hl" ] = "en";
                loginFormValues[ "Email" ] = credential.UserName;
                loginFormValues[ "Passwd" ] = credential.Password;
                loginFormValues[ "PersistentCookie" ] = "true";
                loginFormValues[ "rmShown" ] = "1";
                loginFormValues[ "null" ] = "Sign In";

                // Convert to bytes
                byte[] loginPostData = Encoding.UTF8.GetBytes( loginFormValues.ToString( true ) );

                HttpWebRequest loginRequest = ( HttpWebRequest ) WebRequest.Create( LoginUrl );
                loginRequest.Method = "POST";
                loginRequest.UserAgent = UserAgent;
                loginRequest.Referer = LoginRefererUrl;
                loginRequest.ContentType = "application/x-www-form-urlencoded";
                loginRequest.ContentLength = loginPostData.Length;
                loginRequest.AllowAutoRedirect = false;

                // Create cookie container
                loginRequest.CookieContainer = new CookieContainer();

                // Add post data to request
                Stream stream;
                using ( stream = loginRequest.GetRequestStream() )
                {
                    stream.Write( loginPostData, 0, loginPostData.Length );
                }

                HttpWebResponse loginResponse = ( HttpWebResponse ) loginRequest.GetResponse();

                cookies.Add( loginResponse.Cookies );

                // Create request to export Google CSV page
                HttpWebRequest contactsRequest = ( HttpWebRequest ) WebRequest.Create( ExportUrl );
                contactsRequest.Method = "GET";
                contactsRequest.UserAgent = UserAgent;
                contactsRequest.Referer = loginResponse.ResponseUri.ToString();

                // use cookie gotten from login page
                contactsRequest.CookieContainer = new CookieContainer();
                foreach ( Cookie cookie in cookies )
                {
                    contactsRequest.CookieContainer.Add( cookie );
                }

                HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

                // Read data from response stream
                string csvData;
                using ( Stream responseStream = exportResponse.GetResponseStream() )
                {
                    using ( StreamReader streamRead = new StreamReader( responseStream ) )
                    {
                        csvData = streamRead.ReadToEnd();
                    }
                }

                // parse google csv
                string[] lines = csvData.Split( 'n' );
                foreach ( string line in lines )
                {
                    string[] values = line.Split( ',' );
                    if ( values.Length < 2 )
                    {
                        continue;
                    }

                    MailContact mailContact = new MailContact();
                    mailContact.Email = values[ 1 ];
                    mailContact.Name = values[ 0 ];
                    list.Add( mailContact );
                }

                result = true;
            }
            catch (Exception e)
            {
                throw e;
            }

            return result;
        }

        #endregion
    }
}

asked Aug 2, 2010 at 6:43

ACP's user avatar

I ran into the same problem. I had to change the GmailExtract class in opencontactsnet. Below is the new code which works for me.

public class GmailExtract : IMailContactExtract
    {
        private const string ContinueUrl = "https://mail.google.com/mail/?"; 
        private const string ExportUrl = "https://mail.google.com/mail/contacts/data/export?exportType=ALL&groupToExport=&out=GMAIL_CSV";
        private const string LoginRefererUrl = "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2";
        private const string LoginUrl = "https://www.google.com/accounts/ServiceLoginAuth?service=mail";
        private const string UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)";

        #region IMailContactExtract Members

        public bool Extract( NetworkCredential credential, out MailContactList list)
        {
            bool result = false;
            list = new MailContactList();

            DateTime jsStartDate = new DateTime(1970, 1, 1);
            TimeSpan endTs = DateTime.Now.Subtract(jsStartDate);
            TimeSpan startTs = DateTime.Now.AddMinutes(-2).Subtract(jsStartDate);

            try
            {
                CookieCollection cookies = new CookieCollection();

                // Prepare login form data
                HttpValueCollection loginFormValues = new HttpValueCollection();
                loginFormValues["Email"] = credential.UserName;
                loginFormValues["Passwd"] = credential.Password;
                loginFormValues["asts"] = "";
                loginFormValues["continue"] = ContinueUrl;
                loginFormValues["dsh"] = "1461574034599761425";
                loginFormValues["hl"] = "en";
                loginFormValues["ltmpl"] = "default";
                loginFormValues["ltmplcache"] = "2";
                loginFormValues["rm"] = "false";
                loginFormValues["rmShown"] = "1";
                loginFormValues["service"] = "mail";
                loginFormValues["signIn"] = "Sign In";
                loginFormValues["scc"] = "1";
                loginFormValues["ss"] = "1";
                loginFormValues["GALX"] = "rBTUs4OAJBI";
                loginFormValues["ltmpl"] = "default";
                loginFormValues["ltmpl"] = "default";

                // Convert to bytes
                byte[] loginPostData = Encoding.UTF8.GetBytes( loginFormValues.ToString( true ) );

                HttpWebRequest loginRequest = ( HttpWebRequest ) WebRequest.Create( LoginUrl );
                loginRequest.Method = "POST";
                loginRequest.UserAgent = UserAgent;
                loginRequest.Referer = LoginRefererUrl;
                loginRequest.ContentType = "application/x-www-form-urlencoded";
                loginRequest.ContentLength = loginPostData.Length;
                loginRequest.AllowAutoRedirect = false;

                // Create cookie container
                loginRequest.CookieContainer = new CookieContainer();
                loginRequest.CookieContainer.Add(new Cookie("GMAIL_LOGIN", "T" + startTs.Milliseconds.ToString() + "/" + startTs.Milliseconds.ToString() + "/" + endTs.Milliseconds.ToString(), "/", ".google.com"));
                loginRequest.CookieContainer.Add(new Cookie("GALX", "rBTUs4OAJBI", "/accounts", ".google.com"));

                // Add post data to request
                Stream stream;
                using ( stream = loginRequest.GetRequestStream())
                {
                    stream.Write( loginPostData, 0, loginPostData.Length);
                }

                HttpWebResponse loginResponse = ( HttpWebResponse ) loginRequest.GetResponse();

                cookies.Add( loginResponse.Cookies );

                // Create request to export Google CSV page
                HttpWebRequest contactsRequest = ( HttpWebRequest ) WebRequest.Create( ExportUrl );
                contactsRequest.Method = "GET";
                contactsRequest.UserAgent = UserAgent;
                contactsRequest.Referer = loginResponse.ResponseUri.ToString();

                // use cookie gotten from login page
                contactsRequest.CookieContainer = new CookieContainer();
                foreach ( Cookie cookie in cookies )
                {
                    contactsRequest.CookieContainer.Add( cookie );
                }

                HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

                // Read data from response stream
                string csvData;
                using ( Stream responseStream = exportResponse.GetResponseStream())
                {
                    using ( StreamReader streamRead = new StreamReader( responseStream ) )
                    {
                        csvData = streamRead.ReadToEnd();
                    }
                }

                // parse google csv
                string[] lines = csvData.Split( 'n' );
                foreach ( string line in lines )
                {
                    string[] values = line.Split( ',' );
                    if ( values.Length < 2 )
                    {
                        continue;
                    }

                    MailContact mailContact = new MailContact();
                    mailContact.Email = values[ 28 ];
                    mailContact.Name = values[ 0 ];
                    if (mailContact.Email.Trim().Length > 0)
                    {

                         list.Add(mailContact);

                    }
                }

                result = true;
            }
            catch
            {
            }

            return result;
        }

        #endregion
    }

answered Aug 2, 2010 at 7:31

ajay_whiz's user avatar

ajay_whizajay_whiz

17.3k3 gold badges36 silver badges44 bronze badges

5

I am not familiar with google’s api nor do I know C#.
However check the URL you are sending your form to.
Looks like your authentication works. Otherwise you would have recieved a 403.
401 means that you (as an authenticated user) are not allowed to access the requested resource.

answered Aug 2, 2010 at 7:03

sprehn's user avatar

1

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information.

Is the LoginRefererUrl correctly formed? As that address isn’t found on google servers however the correctly formed version signs me straight into my mail box.

answered Aug 2, 2010 at 7:11

Confussedinwales's user avatar

I am extracting gmail contacts using opencontactsnet. I get The remote server returned an error: (401) Unauthorized. when executing this line

HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Net;
using System.Web.UI;
using System.Web.UI.WebControls;
using OpenContactsNet;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        GmailExtract gm = new GmailExtract();
        NetworkCredential nw = new NetworkCredential("chendur.pandiya","**");
        MailContactList mc;
        if (gm.Extract(nw, out mc))
        {

        }
        else
        {

        }
     }
}

Here is the complete GmailExtract class,

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text;
using Utilities.Web;

namespace OpenContactsNet
{
    public class GmailExtract : IMailContactExtract
    {
        private const string ContinueUrl = "http://mail.google.com/mail?ui=html&amp;zy=l";
        private const string ExportUrl = "https://mail.google.com/mail/contacts/data/export?exportType=ALL&groupToExport=&out=GMAIL_CSV";
        private const string LoginRefererUrl = "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2";
        private const string LoginUrl = "https://www.google.com/accounts/ServiceLoginAuth?service=mail";
        private const string UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.0.3705; .NET CLR 3.0.04506.30)";

        #region IMailContactExtract Members

        public bool Extract( NetworkCredential credential, out MailContactList list )
        {
            bool result = false;
            list = new MailContactList();

            try
            {
                CookieCollection cookies = new CookieCollection();

                // Prepare login form data
                HttpValueCollection loginFormValues = new HttpValueCollection();
                loginFormValues[ "ltmpl" ] = "default";
                loginFormValues[ "ltmplcache" ] = "2";
                loginFormValues[ "continue" ] = ContinueUrl;
                loginFormValues[ "service" ] = "mail";
                loginFormValues[ "rm" ] = "false";
                loginFormValues[ "hl" ] = "en";
                loginFormValues[ "Email" ] = credential.UserName;
                loginFormValues[ "Passwd" ] = credential.Password;
                loginFormValues[ "PersistentCookie" ] = "true";
                loginFormValues[ "rmShown" ] = "1";
                loginFormValues[ "null" ] = "Sign In";

                // Convert to bytes
                byte[] loginPostData = Encoding.UTF8.GetBytes( loginFormValues.ToString( true ) );

                HttpWebRequest loginRequest = ( HttpWebRequest ) WebRequest.Create( LoginUrl );
                loginRequest.Method = "POST";
                loginRequest.UserAgent = UserAgent;
                loginRequest.Referer = LoginRefererUrl;
                loginRequest.ContentType = "application/x-www-form-urlencoded";
                loginRequest.ContentLength = loginPostData.Length;
                loginRequest.AllowAutoRedirect = false;

                // Create cookie container
                loginRequest.CookieContainer = new CookieContainer();

                // Add post data to request
                Stream stream;
                using ( stream = loginRequest.GetRequestStream() )
                {
                    stream.Write( loginPostData, 0, loginPostData.Length );
                }

                HttpWebResponse loginResponse = ( HttpWebResponse ) loginRequest.GetResponse();

                cookies.Add( loginResponse.Cookies );

                // Create request to export Google CSV page
                HttpWebRequest contactsRequest = ( HttpWebRequest ) WebRequest.Create( ExportUrl );
                contactsRequest.Method = "GET";
                contactsRequest.UserAgent = UserAgent;
                contactsRequest.Referer = loginResponse.ResponseUri.ToString();

                // use cookie gotten from login page
                contactsRequest.CookieContainer = new CookieContainer();
                foreach ( Cookie cookie in cookies )
                {
                    contactsRequest.CookieContainer.Add( cookie );
                }

                HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

                // Read data from response stream
                string csvData;
                using ( Stream responseStream = exportResponse.GetResponseStream() )
                {
                    using ( StreamReader streamRead = new StreamReader( responseStream ) )
                    {
                        csvData = streamRead.ReadToEnd();
                    }
                }

                // parse google csv
                string[] lines = csvData.Split( 'n' );
                foreach ( string line in lines )
                {
                    string[] values = line.Split( ',' );
                    if ( values.Length < 2 )
                    {
                        continue;
                    }

                    MailContact mailContact = new MailContact();
                    mailContact.Email = values[ 1 ];
                    mailContact.Name = values[ 0 ];
                    list.Add( mailContact );
                }

                result = true;
            }
            catch (Exception e)
            {
                throw e;
            }

            return result;
        }

        #endregion
    }
}

asked Aug 2, 2010 at 6:43

ACP's user avatar

I ran into the same problem. I had to change the GmailExtract class in opencontactsnet. Below is the new code which works for me.

public class GmailExtract : IMailContactExtract
    {
        private const string ContinueUrl = "https://mail.google.com/mail/?"; 
        private const string ExportUrl = "https://mail.google.com/mail/contacts/data/export?exportType=ALL&groupToExport=&out=GMAIL_CSV";
        private const string LoginRefererUrl = "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2";
        private const string LoginUrl = "https://www.google.com/accounts/ServiceLoginAuth?service=mail";
        private const string UserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)";

        #region IMailContactExtract Members

        public bool Extract( NetworkCredential credential, out MailContactList list)
        {
            bool result = false;
            list = new MailContactList();

            DateTime jsStartDate = new DateTime(1970, 1, 1);
            TimeSpan endTs = DateTime.Now.Subtract(jsStartDate);
            TimeSpan startTs = DateTime.Now.AddMinutes(-2).Subtract(jsStartDate);

            try
            {
                CookieCollection cookies = new CookieCollection();

                // Prepare login form data
                HttpValueCollection loginFormValues = new HttpValueCollection();
                loginFormValues["Email"] = credential.UserName;
                loginFormValues["Passwd"] = credential.Password;
                loginFormValues["asts"] = "";
                loginFormValues["continue"] = ContinueUrl;
                loginFormValues["dsh"] = "1461574034599761425";
                loginFormValues["hl"] = "en";
                loginFormValues["ltmpl"] = "default";
                loginFormValues["ltmplcache"] = "2";
                loginFormValues["rm"] = "false";
                loginFormValues["rmShown"] = "1";
                loginFormValues["service"] = "mail";
                loginFormValues["signIn"] = "Sign In";
                loginFormValues["scc"] = "1";
                loginFormValues["ss"] = "1";
                loginFormValues["GALX"] = "rBTUs4OAJBI";
                loginFormValues["ltmpl"] = "default";
                loginFormValues["ltmpl"] = "default";

                // Convert to bytes
                byte[] loginPostData = Encoding.UTF8.GetBytes( loginFormValues.ToString( true ) );

                HttpWebRequest loginRequest = ( HttpWebRequest ) WebRequest.Create( LoginUrl );
                loginRequest.Method = "POST";
                loginRequest.UserAgent = UserAgent;
                loginRequest.Referer = LoginRefererUrl;
                loginRequest.ContentType = "application/x-www-form-urlencoded";
                loginRequest.ContentLength = loginPostData.Length;
                loginRequest.AllowAutoRedirect = false;

                // Create cookie container
                loginRequest.CookieContainer = new CookieContainer();
                loginRequest.CookieContainer.Add(new Cookie("GMAIL_LOGIN", "T" + startTs.Milliseconds.ToString() + "/" + startTs.Milliseconds.ToString() + "/" + endTs.Milliseconds.ToString(), "/", ".google.com"));
                loginRequest.CookieContainer.Add(new Cookie("GALX", "rBTUs4OAJBI", "/accounts", ".google.com"));

                // Add post data to request
                Stream stream;
                using ( stream = loginRequest.GetRequestStream())
                {
                    stream.Write( loginPostData, 0, loginPostData.Length);
                }

                HttpWebResponse loginResponse = ( HttpWebResponse ) loginRequest.GetResponse();

                cookies.Add( loginResponse.Cookies );

                // Create request to export Google CSV page
                HttpWebRequest contactsRequest = ( HttpWebRequest ) WebRequest.Create( ExportUrl );
                contactsRequest.Method = "GET";
                contactsRequest.UserAgent = UserAgent;
                contactsRequest.Referer = loginResponse.ResponseUri.ToString();

                // use cookie gotten from login page
                contactsRequest.CookieContainer = new CookieContainer();
                foreach ( Cookie cookie in cookies )
                {
                    contactsRequest.CookieContainer.Add( cookie );
                }

                HttpWebResponse exportResponse = ( HttpWebResponse ) contactsRequest.GetResponse();

                // Read data from response stream
                string csvData;
                using ( Stream responseStream = exportResponse.GetResponseStream())
                {
                    using ( StreamReader streamRead = new StreamReader( responseStream ) )
                    {
                        csvData = streamRead.ReadToEnd();
                    }
                }

                // parse google csv
                string[] lines = csvData.Split( 'n' );
                foreach ( string line in lines )
                {
                    string[] values = line.Split( ',' );
                    if ( values.Length < 2 )
                    {
                        continue;
                    }

                    MailContact mailContact = new MailContact();
                    mailContact.Email = values[ 28 ];
                    mailContact.Name = values[ 0 ];
                    if (mailContact.Email.Trim().Length > 0)
                    {

                         list.Add(mailContact);

                    }
                }

                result = true;
            }
            catch
            {
            }

            return result;
        }

        #endregion
    }

answered Aug 2, 2010 at 7:31

ajay_whiz's user avatar

ajay_whizajay_whiz

17.3k3 gold badges36 silver badges44 bronze badges

5

I am not familiar with google’s api nor do I know C#.
However check the URL you are sending your form to.
Looks like your authentication works. Otherwise you would have recieved a 403.
401 means that you (as an authenticated user) are not allowed to access the requested resource.

answered Aug 2, 2010 at 7:03

sprehn's user avatar

1

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information.

Is the LoginRefererUrl correctly formed? As that address isn’t found on google servers however the correctly formed version signs me straight into my mail box.

answered Aug 2, 2010 at 7:11

Confussedinwales's user avatar

Появление сообщения об ошибке 401 Unauthorized Error («отказ в доступе») при открытии страницы сайта означает неверную авторизацию или аутентификацию пользователя на стороне сервера при обращении к определенному url-адресу. Чаще всего она возникает при ошибочном вводе имени и/или пароля посетителем ресурса при входе в свой аккаунт. Другой причиной являются неправильные настройки, допущенные при администрировании web-ресурса. Данная ошибка отображается в браузере в виде отдельной страницы с соответствующим описанием. Некоторые разработчики интернет-ресурсов, в особенности крупных порталов, вводят собственную дополнительную кодировку данного сбоя:

  • 401 Unauthorized;
  • Authorization Required;
  • HTTP Error 401 – Ошибка авторизации.

Попробуем разобраться с наиболее распространенными причинами возникновения данной ошибки кода HTTP-соединения и обсудим способы их решения.

При доступе к некоторым сайтам (или отдельным страницам этих сайтов), посетитель должен пройти определенные этапы получения прав:

  1. Идентификация – получение вашей учетной записи («identity») по username/login или email.
  2. Аутентификация («authentic») – проверка того, что вы знаете пароль от этой учетной записи.
  3. Авторизация – проверка вашей роли (статуса) в системе и решение о предоставлении доступа к запрошенной странице или ресурсу на определенных условиях.

Большинство пользователей сохраняют свои данные по умолчанию в истории браузеров, что позволяет быстро идентифицироваться на наиболее часто посещаемых страницах и синхронизировать настройки между устройствами. Данный способ удобен для серфинга в интернете, но может привести к проблемам с безопасностью доступа к конфиденциальной информации. При наличии большого количества авторизованных регистрационных данных к различным сайтам используйте надежный мастер-пароль, который закрывает доступ к сохраненной в браузере информации.

Наиболее распространенной причиной появления ошибки с кодом 401 для рядового пользователя является ввод неверных данных при посещении определенного ресурса. В этом и других случаях нужно попробовать сделать следующее:

  1. Проверьте в адресной строке правильность написания URL. Особенно это касается перехода на подстраницы сайта, требующие авторизации. Введите правильный адрес. Если переход на страницу осуществлялся после входа в аккаунт, разлогинитесь, вернитесь на главную страницу и произведите повторный вход с правильными учетными данными.
  2. При осуществлении входа с сохраненными данными пользователя и появлении ошибки сервера 401 проверьте их корректность в соответствующих настройках данного браузера. Возможно, авторизационные данные были вами изменены в другом браузере. Также можно очистить кэш, удалить cookies и повторить попытку входа. При удалении истории браузера или очистке кэша потребуется ручное введение логина и пароля для получения доступа. Если вы не помните пароль, пройдите процедуру восстановления, следуя инструкциям.
  3. Если вы считаете, что вводите правильные регистрационные данные, но не можете получить доступ к сайту, обратитесь к администратору ресурса. В этом случае лучше всего сделать скриншот проблемной страницы.
  4. Иногда блокировка происходит на стороне провайдера, что тоже приводит к отказу в доступе и появлению сообщения с кодировкой 401. Для проверки можно попробовать авторизоваться на том же ресурсе с альтернативного ip-адреса (например, используя VPN). При подтверждении блокировки трафика свяжитесь с провайдером и следуйте его инструкциям.

Некоторые крупные интернет-ресурсы с большим количеством подписчиков используют дополнительные настройки для обеспечения безопасности доступа. К примеру, ваш аккаунт может быть заблокирован при многократных попытках неудачной авторизации. Слишком частые попытки законнектиться могут быть восприняты как действия бота. В этом случае вы увидите соответствующее сообщение, но можете быть просто переадресованы на страницу с кодом 401. Свяжитесь с администратором сайта и решите проблему.

Иногда простая перезагрузка проблемной страницы, выход из текущей сессии или использование другого веб-браузера полностью решают проблему с 401 ошибкой авторизации.

Ошибка 401 - отказ в доступе

Устранение ошибки 401 администратором веб-ресурса 

Для владельцев сайтов, столкнувшихся с появлением ошибки отказа доступа 401, решить ее порою намного сложнее, чем обычному посетителю ресурса. Есть несколько рекомендаций, которые помогут в этом:

  • Обращение в службу поддержки хостинга сайта. Как и в случае возникновения проблем с провайдером, лучше всего подробно описать последовательность действий, приведших к появлению ошибки 401, приложить скриншот.
  • При отсутствии проблем на стороне хостинг-провайдера можно внести следующие изменения в настройки сайта с помощью строки Disallow:/адрес проблемной страницы. Запретить индексацию страницам с ошибкой в «rоbоts.txt», после чего добавить в файл «.htассеss» строку такого типа:
Redirect 301 /oldpage.html http://site.com/newpage.html.

Где в поле /oldpage.html прописывается адрес проблемной страницы, а в http://site.com/newpage.html адрес страницы авторизации.

Таким образом вы перенаправите пользователей со всех страниц, которые выдают ошибку 401, на страницу начальной авторизации.

  • Если после выполнения предыдущих рекомендаций пользователи при попытках авторизации все равно видят ошибку 401, то найдите на сервере файл «php.ini» и увеличьте время жизни сессии, изменив значения следующих параметров: «session.gc_maxlifetime» и «session.cookie_lifetime» на 1440 и 0 соответственно.
  • Разработчики веб-ресурсов могут использовать более сложные методы авторизации и аутентификации доступа для создания дополнительной защиты по протоколу HTTP. Если устранить сбой простыми методами администрирования не удается, следует обратиться к специалистам, создававшим сайт, для внесения соответствующих изменений в код.

Хотя ошибка 401 и является проблемой на стороне клиента, ошибка пользователя на стороне сервера может привести к ложному требованию входа в систему. К примеру, сетевой администратор разрешит аутентификацию входа в систему всем пользователям, даже если это не требуется. В таком случае сообщение о несанкционированном доступе будет отображаться для всех, кто посещает сайт. Баг устраняется внесением соответствующих изменений в настройки.

Дополнительная информация об ошибке с кодом 401

Веб-серверы под управлением Microsoft IIS могут предоставить дополнительные данные об ошибке 401 Unauthorized в виде второго ряда цифр:

  • 401, 1 – войти не удалось;
  • 401, 2 – ошибка входа в систему из-за конфигурации сервера;
  • 401, 3 – несанкционированный доступ из-за ACL на ресурс;
  • 401, 501 – доступ запрещен: слишком много запросов с одного и того же клиентского IP; ограничение динамического IP-адреса – достигнут предел одновременных запросов и т.д.

Более подробную информацию об ошибке сервера 401 при использовании обычной проверки подлинности для подключения к веб-узлу, который размещен в службе MS IIS, смотрите здесь. 

Следующие сообщения также являются ошибками на стороне клиента и относятся к 401 ошибке:

  • 400 Bad Request; 
  • 403 Forbidden; 
  • 404 Not Found;
  • 408 Request Timeout.

Как видим, появление ошибки авторизации 401 Unauthorized не является критичным для рядового посетителя сайта и чаще всего устраняется самыми простыми способами. В более сложной ситуации оказываются администраторы и владельцы интернет-ресурсов, но и они в 100% случаев разберутся с данным багом путем изменения настроек или корректировки html-кода с привлечением разработчика сайта. 

  • Remove From My Forums
  • Вопрос

  • (Beginner) Creating a Provider-hosted calendar list programmatically.

    I have done this:

    Uri hostWeb = new Uri(Request.QueryString["SPHostUrl"]);
    
                using (var clientContext = TokenHelper.GetS2SClientContextWithWindowsIdentity(hostWeb, Request.LogonUserIdentity))
                {
                    Web web = clientContext.Web;
                    ListCreationInformation listCreator = new ListCreationInformation();
                    listCreator.Title = "CompanyCalendar";
                    listCreator.Description = "Workcalendar";
                    
                    listCreator.TemplateType = (int)ListTemplateType.GanttTasks; //106 = events 120=CustomGrid 140=WorkflowHistory 150=GanttTasks
                    web.Lists.Add(listCreator);
                    clientContext.ExecuteQuery();
    }

    If I remove the code above there are no problems, as the title says there is something wrong with my permission to modify but I have set the wevb permission to «Full control» so it should be something else.

    Some people thinks that it has to do with IIS so I tried to set the servers authorization rules to allow all users but that didnt do it (maybe I didn’t do it right).

    Im a beginner so please explain as you would for a absolute beginner that dont know IIS.How can I solv this problem, why doesent I get permission to create a list on my sharepointsite?

    thanks

    • Изменено

      22 мая 2014 г. 22:54
      language

    • Изменен тип
      Hemendra Agrawal
      23 мая 2014 г. 5:09
      q

Ответы

  • Problem solved!

    I used a SharePoint developer-site (in my case «https://mysite@company.onmicrosoft.com») to debugg with instead of the virtual machine server (in my case «http://SERVER1»). It should be the other way around.

    I login to my virtual machine as Developer and to be able to use that login «Request.LogonUserIdentity» with my App I have to be connected to the virtual server «SERVER1» in my case.

    Beginners misstake. Hope it can help other beginners atleast.

    • Помечено в качестве ответа
      Hannes Bergsten
      26 мая 2014 г. 9:39

In my previous post, you learned how to troubleshoot HTTP Error 503. Today, we will look into how to troubleshoot 401 – Unauthorized: Access is denied due to invalid credentials in Internet Information Services (IIS).

Contents

  1. 401 – Unauthorized
  2. How IIS authentication works
  3. Cause of error
  4. Debugging the error
  5. Resolving the error
  6. Common 401 substatus codes
  7. Conclusion
  • Author
  • Recent Posts

Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog.

Latest posts by Surender Kumar (see all)

  • Backup in Proxmox VE — Thu, Jan 26 2023
  • Snapshots in Proxmox VE — Wed, Jan 25 2023
  • Create a Windows VM in Proxmox VE — Fri, Jan 13 2023

401 – Unauthorized

401 Unauthorized Access is denied due to invalid credentials

401 Unauthorized Access is denied due to invalid credentials

The 401 – Unauthorized: Access is denied due to invalid credentials error is a common access-related error that you may experience with a website hosted on IIS.

How IIS authentication works

The error itself indicates that it is caused by a failure to authorize access. Someone who is a beginner in IIS could find the error description «you do not have permission to view this directory or page using the credentials that you supplied» slightly confusing. If you think from an end user’s perspective, you might be wondering when you supplied any credentials while accessing the website. Well, this happened automatically on the server side. By default, every website hosted on IIS has anonymous authentication enabled.

If you open the IIS Manager, select your website, and then double-click Authentication under the IIS section in the Features view, you will see the various authentication modes (such as basic authentication, forms authentication, anonymous authentication, etc.) that are supported by IIS.

Viewing various authentication modes supported by a website in IIS

Viewing various authentication modes supported by a website in IIS

Each website has to have at least one authentication mode enabled and, by default, Anonymous Authentication mode enabled. Authentication is a mechanism that is used to verify the visitor’s identity to your website. See the following screenshot for reference:

Default authentication modes supported by a website in IIS

Default authentication modes supported by a website in IIS

Anonymous authentication allows visitors to access the public content of your website anonymously without having to supply any credentials. If you don’t want to use it, select the authentication mode, and then click Disable in the Actions pane on the right. To view or modify which credentials are used by anonymous authentication, click the Edit link on the right. You will see two options, as shown in the following screenshot:

View or modify the credentials used by anonymous authentication in IIS

View or modify the credentials used by anonymous authentication in IIS

By default, each website is set to use the IUSR user for anonymous user identity, which is a built-in account starting with IIS version 7. If you are using a custom username as the application pool identity, make sure you select the application pool identity option here. This way, you don’t have to worry about updating the user’s password in the website configuration over and over when the user’s password is changed.

Cause of error

The primary cause of the 401 – Unauthorized: Access is denied due to invalid credentials error is that you are using a custom username as the application pool identity. In simple terms, when you set the application pool to use a custom application pool identity (a custom username and password) rather than the default identity (which is ApplicationPoolIdentity), the Anonymous Authentication mode of the website continues using the IUSR user for authentication, which results in this error.

Debugging the error

As discussed in previous posts, the error page we saw above is a custom error page and does not reveal much helpful information for administrators. If you enable the detailed errors, you will see an error page with much detailed information, as shown in the following screenshot:

Error message 401.3 – You do not have permission to view this directory or page using the credentials you supplied (acc

Error message 401.3 – You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists)

The detailed error gave you the HTTP 401.3 status code, which will guide you in checking the access control permissions on the file system. Make sure that the user who is set as the application pool identity has the read and execute permissions on the website’s root directory. If the error persists, the most likely cause is incorrect anonymous user identity. The following screenshot shows the problematic scenario:

Mismatched application pool identity and anonymous authentication identity user in IIS

Mismatched application pool identity and anonymous authentication identity user in IIS

The screenshot shows a mismatched application pool identity and anonymous authentication identity on the website, which is causing the error. For a website to work properly, both should be the same.

Resolving the error

Now that you know the cause of the HTTP 401.3 status code, do the following to fix the error:

If you are using a custom username as the application pool identity, make sure that the user has read and execute permissions on the website’s root directory.

Ensuring that the custom application pool user has read and execute permissions on the root directory

Ensuring that the custom application pool user has read and execute permissions on the root directory

If you’re using the default ApplicationPoolIdentity for your application pool, make sure that the built-in IUSR user or IIS_IUSRS group has exactly the same permissions as shown in the screenshot below.

Ensuring that the default application pool identity has read and execute permissions on the root directory

Ensuring that the default application pool identity has read and execute permissions on the root directory

If the error persists, edit the Anonymous Authentication setting of your website, as explained in the How IIS authentication works section. Be sure it is set to use the Application pool identity. See the following screenshot for reference:

Modifying the anonymous authentication identity to match the application pool identity in IIS

Modifying the anonymous authentication identity to match the application pool identity in IIS

Common 401 substatus codes

The following table covers the most common HTTP 401 substatus codes, along with their possible causes and troubleshooting advice:

Subscribe to 4sysops newsletter!

Status Code Possible Cause Troubleshooting Advice
401.1 Logon failed The logon attempt failed, probably due to an invalid user name or password.
401.2 Logon failed due to server configuration The 401.2 status code indicates that there is a problem in the authentication configuration on the server.
401.3 Unauthorized due to ACL on resource We covered how to fix this error above.

Conclusion

I hope you’re enjoying this series of resolving common HTTP errors. In the next post, we will discuss how to fix the HTTP Error 403.14 – Forbidden error.

I am trying to get started with using IIS. I created a new site on IIS Manager, mapped it to a folder on my file system and added index.html to the folder. I have set the port to 85 for this site. When I try to access http://localhost:85/index.html, I get the following error message:

401.3 — unathorized — You do not have permission to view this directory or page because of the access control list (ACL)
configuration or encryption settings for this resource on the Web
server.

I gave read access to everybody on the folder and tried again. I could then access the page.

I then compared the properties of my folder with that of wwwroot. I found that wwwroot had read access on IIS_IUSRS…When I did the same on my folder and tried again, I got the above error again.
I checkedthat anonymous access is enabled by default, but I still get this error.

Why does this happen? What is the correct way to resolve the problem?

asked Oct 3, 2013 at 15:00

Aadith Ramia's user avatar

Aadith RamiaAadith Ramia

9,84519 gold badges65 silver badges86 bronze badges

0

I have struggled on this same issue for several days. It can be solved by modifying the security user access properties of the file system folder on which your site is mapped. But IIS_IUSRS is not the only account you must authorize.

  • In IIS management console, in the Authentication part of the configuration of your site, modify the «Anonymous authentication» line and check the account set as «Specific user» (mine is IUSR).
  • Give read and execution permission on the folder of your site to the account listed as the specific user.

OR

  • In IIS management console, in the Authentication part of the configuration of your site, modify the «Anonymous authentication» line by selecting «Identity of the application pool» instead of «Specific user».

ScottyG's user avatar

ScottyG

3,0963 gold badges30 silver badges42 bronze badges

answered May 6, 2014 at 12:29

groch's user avatar

2

Here is what worked for me.

  1. Set the app pool identity to an account that can be assigned
    permissions to a folder.
  2. Ensure the source directory and all related files have been granted
    read rights to the files to the account assigned to the app pool identity property
  3. In IIS, at the server root node, set anonymous user to inherit from
    app pool identity. (This was the part I struggled with)

To set the server anonymous to inherit from the app pool identity do the following..

  • Open IIS Manager (inetmgr)
  • In the left-hand pane select the root node (server host name)
  • In the middle pane open the ‘Authentication’ applet
  • Highlight ‘Anonymous Authentication’
  • In the right-hand pane select ‘Edit…’ (a dialog box should open)
  • select ‘Application pool identity’

answered Oct 19, 2015 at 18:23

barrypicker's user avatar

barrypickerbarrypicker

9,4928 gold badges62 silver badges78 bronze badges

6

TL;DR;

In most cases, granting access to the following account(s) (one|both) will be enough:

  1. IIS AppPoolDefaultAppPool
  2. IUSR

with Access Rights:

  1. Read & Execute
  2. List folder contents
  3. Read

That’s it!

Read on for a more detailed explanation…


  1. Open IIS and select your application.
  2. On the right side click on Authentication.
  3. Select «Anonymous authentication»
    here.
  4. The following dialog pops up.

enter image description here

Grant access to the web application folder’s ACL depending what is selected in the pic above:

  • Specific user: grant access for both IUSR (in my case) + IIS AppPoolDefaultAppPool
  • Application pool identity: grant access for IIS AppPoolDefaultAppPool only

IIS AppPoolDefaultAppPool account is the default AppPool account for new IIS web applications, if you have set a custom account, use the custom one.


Give the following permissions to the account(s):

  1. Read & Execute
  2. List folder contents
  3. Read

enter image description here

answered Jun 4, 2017 at 21:39

Legends's user avatar

LegendsLegends

20.3k12 gold badges93 silver badges120 bronze badges

1

Since you’re dealing with static content…

On the folder that acts as the root of your website- if you right click > properties > security, does «Users» show up in the list? if not click «Add…» and type it in, be sure to click «Apply» when you’re done.

answered Nov 8, 2013 at 23:34

joelmdev's user avatar

joelmdevjoelmdev

10.7k9 gold badges63 silver badges89 bronze badges

Community's user avatar

answered Jun 9, 2014 at 17:48

c-chavez's user avatar

c-chavezc-chavez

7,0705 gold badges33 silver badges48 bronze badges

Just in case anyone else runs into this. I troubleshooted all of these steps and it turns out because I unzipped some files from a MAC, Microsoft automatically without any notification Encrypted the files. After hours of trying to set folder permissions I went in and saw the file names were green which means the files were encrypted and IIS will throw the same error even if folder permissions are correct.

answered May 8, 2019 at 22:16

Joe's user avatar

JoeJoe

2244 silver badges18 bronze badges

1

  1. Create a new Site, Right Click on Sites folder then click add Site
  2. Enter the site name.
  3. Select physical path
  4. Select Ip Address
  5. Change Port
  6. Click OK
  7. Go to Application Pools
  8. Select the site pool
  9. Right-click the click Advance Settings
  10. Change the .Net CLR Version to «No Manage Code»
  11. Change the Identity to «ApplicationPoolIdentity»
  12. Go to Site home page then click «Authentication»
  13. Right-click to AnonymousAuthentication then click «Edit»
  14. Select Application Pool Identity
  15. Click ok
  16. boom!

for routes add a web.config

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="React Routes" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="/" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

answered Aug 12, 2020 at 11:56

Aevi Rontos's user avatar

Please enable the following items in Windows 2012 R2

enter image description here

answered Dec 30, 2019 at 17:28

user2907940's user avatar

If you are working with Application Pool authentication (instead of IUSR), which you should, then this list of checks by Jean Sun is the very best I could find to deal with 401 errors in IIS:


Open IIS Manager, navigate to your website or application folder where the site is deployed to.

  1. Open Advanced Settings (it’s on the right hand Actions pane).
  2. Note down the Application Pool name then close this window
  3. Double click on the Authentication icon to open the authentication settings
  4. Disable Windows Authentication
  5. Right click on Anonymous Authentication and click Edit
  6. Choose the Application pool identity radio button the click OK
  7. Select the Application Pools node from IIS manager tree on left and select the Application Pool name you noted down in step 3
  8. Right click and select Advanced Settings
  9. Expand the Process Model settings and choose ApplicationPoolIdentityfrom the «Built-in account» drop down list then click OK.
  10. Click OK again to save and dismiss the Application Pool advanced settings page
  11. Open an Administrator command line (right click on the CMD icon and select «Run As Administrator». It’ll be somewhere on your start menu, probably under Accessories.
  12. Run the following command:

    icacls <path_to_site> /grant "IIS APPPOOL<app_pool_name>"(CI)(OI)(M)
    

    For example:

    icacls C:inetpubwwwrootmysite /grant "IIS APPPOOLDEFAULTAPPPOOL":(CI)(OI)(M)
    

Especially steps 5. & 6. are often overlooked and rarely mentioned on the web.

answered Jan 10, 2020 at 10:38

Jpsy's user avatar

JpsyJpsy

19.6k7 gold badges116 silver badges112 bronze badges

  • Remove From My Forums
  • Question

  • User-649116597 posted

    When I run my web application. I got this error!!!!!!

    Line 133:            request.Method = "GET";
    Line 134:
    Line 135: using (HttpWebResponse response = request.GetResponse() as HttpWebResponse) Line 136:            {
    Line 137:                StreamReader reader = new StreamReader(response.GetResponseStream());

    Source File: C:UsersAnuragDocumentsVisual Studio 2010ProjectsTicketSystemTicketSystemDefault.aspx.cs    Line:
    135

    Stack Trace:

    [WebException: The remote server returned an error: (401) Unauthorized.]
       System.Net.HttpWebRequest.GetResponse() +6111075
       TicketSystem._Default.Button2_Click(Object sender, EventArgs e) in C:UsersAnuragDocumentsVisual Studio 2010ProjectsTicketSystemTicketSystemDefault.aspx.cs:135
       System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
    

Answers

  • User-650628323 posted

    Hi,

    I agree with BrockAllen’s opinion. According to your description, you need to add the add Credentials for HttpWebRequest.  

    // Assign the credentials of the logged in user or the user being impersonated.
    request.Credentials = CredentialCache.DefaultCredentials;
    

    Or

    request.Credentials = new NetworkCredential("UserName", "PassWord"); 

    For details about it, please
    NetworkCredential Class and
    CredentialCache.DefaultCredentials Property.

    Best wishes,

    • Marked as answer by

      Thursday, October 7, 2021 12:00 AM

BaLahmuT

85 / 29 / 16

Регистрация: 01.06.2019

Сообщений: 608

1

14.04.2021, 22:01. Показов 8693. Ответов 8

Метки нет (Все метки)


Получаю погоду с api, при запуске представления вылетает ошибка: System.Net.WebException: «Удаленный сервер возвратил ошибку: (401) Несанкционированный.»

Модель:

Кликните здесь для просмотра всего текста

C#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 public class Weather
    {
        public Object getWeather()
        {
            string url = "http://api.openweathermap.org/data/2.5/weather?q=Kharkiv&APPID=03e45b7211028e0119ce0b1b3fa9fa90units=imperial";
 
            var client = new WebClient();
            var content = client.DownloadString(url);
 
            var serializer = new JavaScriptSerializer();
            var jsonContent = serializer.Deserialize<Object>(content);
 
            return jsonContent;
        }
    }

Контроллер:

Кликните здесь для просмотра всего текста

C#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
public class HomeController : Controller
    {
        // GET: Home
        public ActionResult Index()
        {
            return View();
        }
 
        public ActionResult Api()
        {
            return View();
        }
 
        public ActionResult Weather()
        {
            return View();
        }
 
        public JsonResult GetWeather()
        {
            Weather weath = new Weather();
            return Json(weath.getWeather(), JsonRequestBehavior.AllowGet);
        }
    }

Представление:

Кликните здесь для просмотра всего текста

C#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
@{ 
    ViewBag.Title = "Weather"; 
}
 
<h2>Weather</h2>
<div class="col-md-12">
    <h1>Current Conditions in <span data-bind="text:name"></span></h1>
</div>
 
<div class="col-md-12">
    Temperature is <span data-bind="text:main.temp"></span>&deg; F
</div>
 
<script>
    var weather = Object();
    $(document).ready(function () {
            $.get("@Url.Action("GetWeather", "Home")", function (response) {
                console.log(response);
                weather = ko.mapping.fromJS(response);
                ko.applyBindings(weather);
 
            });
    });
 
</script>

Миниатюры

Ошибка "(401) Несанкционированный"
 

__________________
Помощь в написании контрольных, курсовых и дипломных работ, диссертаций здесь

0

647 / 582 / 170

Регистрация: 17.07.2012

Сообщений: 1,648

Записей в блоге: 1

14.04.2021, 23:25

2

Rudman132, 401 отдает API. Видимо ему ключ какой-то нужен.

1

BaLahmuT

85 / 29 / 16

Регистрация: 01.06.2019

Сообщений: 608

15.04.2021, 15:13

 [ТС]

3

Cupko, Хмм..странно, если api ключ вынести в отдельную переменную то все работает

C#
1
string url = "http://api.openweathermap.org/data/2.5/weather?q=Cairo&APPID=" + key + "&units=imperial";

0

922 / 600 / 149

Регистрация: 09.09.2011

Сообщений: 1,879

Записей в блоге: 2

15.04.2021, 18:47

4

Лучший ответ Сообщение было отмечено Rudman132 как решение

Решение

Цитата
Сообщение от Rudman132
Посмотреть сообщение

странно, если api ключ вынести в отдельную переменную то все работает

Ничего странного. Пропущен разделитель.
&APPID=03e45b7211028e0119ce0b1b3fa9fa90<-тут-->units=imperial
Так что и первый вариант бы работал
Но второй правильнее с точки зрения программирования. Вы ж ключ менять будете и не раз. Не в тексте же его менять.

1

BaLahmuT

85 / 29 / 16

Регистрация: 01.06.2019

Сообщений: 608

15.04.2021, 23:09

 [ТС]

5

Вопрос такой, как привязать форму к api? чтоб город можно было указывать любой

C#
1
string url = "http://api.openweathermap.org/data/2.5/weather?q=Cairo&APPID=" + key + "&units=imperial";

Вот форма:

Кликните здесь для просмотра всего текста

C#
1
2
3
4
5
6
7
8
9
10
11
12
form action="Index" method="post" style="text-align: center">
        <table>
            <tr>
                <td style="font-size:18px">Enter city:</td>
                <td>
                    <input type="text" name="city" />
                    <input type="submit" id="search" value="Search"/>
                </td>
            </tr>
        </table>
        <hr />
    </form>

0

922 / 600 / 149

Регистрация: 09.09.2011

Сообщений: 1,879

Записей в блоге: 2

16.04.2021, 23:14

6

Цитата
Сообщение от Rudman132
Посмотреть сообщение

Вопрос такой, как привязать форму к api? чтоб город можно было указывать любой

Я давно не работал с погодным апи. Но наверное это с ним и не должно быть связано.
Объясните причину вопроса? Что такое привязать форму к АПИ? Или так — Зачем нужно привязать что-то к форме?

Форма — ввод города. Всё. Роль на этом заканчивается.
Запрос вы отправляете через бакэнд. Там вы и подставляете ключ. Собственно на бакэнде вы и можете манипулировать данными так как вам нужно.
И поэтому не понятно что за проблема вообще «можно было указывать любой город»

0

BaLahmuT

85 / 29 / 16

Регистрация: 01.06.2019

Сообщений: 608

17.04.2021, 11:04

 [ТС]

7

HF, Может неправильно сформулировал, имел ввиду: как текст из inputa подставить вместо

C#
1
q=Cairo

0

922 / 600 / 149

Регистрация: 09.09.2011

Сообщений: 1,879

Записей в блоге: 2

17.04.2021, 22:12

8

Лучший ответ Сообщение было отмечено Rudman132 как решение

Решение

Цитата
Сообщение от Rudman132
Посмотреть сообщение

Может неправильно сформулировал, имел ввиду: как текст из inputa подставить вместо

Судя по представлению — у вас запрос сразу уходит. Значит
1) вы должны сделать событие onclick на кнопку формы
2) и отправлять запрос исходя из данных этой формы. А точнее поля City
Далее запрос. Сейчас он у вас вызывает голый метод. А вы же хотите город. Значит и должны город передавать.
3) обновляйте запрос $.get("@Url.Action("GetWeather", "Home")" и добавляйте аргументом поле «city» из формы
Соответственно и контроллер должен начать принимать это поле
4) добавляйте в метод контроллера параметр string city
5) ваша переменная uri теперь должна подставлять значение city в ключ «q» аналогично ключу авторизации.

0

85 / 29 / 16

Регистрация: 01.06.2019

Сообщений: 608

17.04.2021, 23:17

 [ТС]

9

HF, понял, спасибо!

0

  • Remove From My Forums
  • Question

  • User-649116597 posted

    When I run my web application. I got this error!!!!!!

    Line 133:            request.Method = "GET";
    Line 134:
    Line 135: using (HttpWebResponse response = request.GetResponse() as HttpWebResponse) Line 136:            {
    Line 137:                StreamReader reader = new StreamReader(response.GetResponseStream());

    Source File: C:\Users\Anurag\Documents\Visual Studio 2010\Projects\TicketSystem\TicketSystem\Default.aspx.cs    Line:
    135

    Stack Trace:

    [WebException: The remote server returned an error: (401) Unauthorized.]
       System.Net.HttpWebRequest.GetResponse() +6111075
       TicketSystem._Default.Button2_Click(Object sender, EventArgs e) in C:\Users\Anurag\Documents\Visual Studio 2010\Projects\TicketSystem\TicketSystem\Default.aspx.cs:135
       System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
    

Answers

  • User-650628323 posted

    Hi,

    I agree with BrockAllen’s opinion. According to your description, you need to add the add Credentials for HttpWebRequest.  

    // Assign the credentials of the logged in user or the user being impersonated.
    request.Credentials = CredentialCache.DefaultCredentials;
    

    Or

    request.Credentials = new NetworkCredential("UserName", "PassWord"); 

    For details about it, please
    NetworkCredential Class and
    CredentialCache.DefaultCredentials Property.

    Best wishes,

    • Marked as answer by

      Thursday, October 7, 2021 12:00 AM

I am trying to get started with using IIS. I created a new site on IIS Manager, mapped it to a folder on my file system and added index.html to the folder. I have set the port to 85 for this site. When I try to access http://localhost:85/index.html, I get the following error message:

401.3 — unathorized — You do not have permission to view this directory or page because of the access control list (ACL)
configuration or encryption settings for this resource on the Web
server.

I gave read access to everybody on the folder and tried again. I could then access the page.

I then compared the properties of my folder with that of wwwroot. I found that wwwroot had read access on IIS_IUSRS…When I did the same on my folder and tried again, I got the above error again.
I checkedthat anonymous access is enabled by default, but I still get this error.

Why does this happen? What is the correct way to resolve the problem?

asked Oct 3, 2013 at 15:00

Aadith Ramia's user avatar

Aadith RamiaAadith Ramia

10k19 gold badges67 silver badges86 bronze badges

0

I have struggled on this same issue for several days. It can be solved by modifying the security user access properties of the file system folder on which your site is mapped. But IIS_IUSRS is not the only account you must authorize.

  • In IIS management console, in the Authentication part of the configuration of your site, modify the «Anonymous authentication» line and check the account set as «Specific user» (mine is IUSR).
  • Give read and execution permission on the folder of your site to the account listed as the specific user.

OR

  • In IIS management console, in the Authentication part of the configuration of your site, modify the «Anonymous authentication» line by selecting «Identity of the application pool» instead of «Specific user».

ScottyG's user avatar

ScottyG

3,2243 gold badges32 silver badges42 bronze badges

answered May 6, 2014 at 12:29

groch's user avatar

2

Here is what worked for me.

  1. Set the app pool identity to an account that can be assigned
    permissions to a folder.
  2. Ensure the source directory and all related files have been granted
    read rights to the files to the account assigned to the app pool identity property
  3. In IIS, at the server root node, set anonymous user to inherit from
    app pool identity. (This was the part I struggled with)

To set the server anonymous to inherit from the app pool identity do the following..

  • Open IIS Manager (inetmgr)
  • In the left-hand pane select the root node (server host name)
  • In the middle pane open the ‘Authentication’ applet
  • Highlight ‘Anonymous Authentication’
  • In the right-hand pane select ‘Edit…’ (a dialog box should open)
  • select ‘Application pool identity’

answered Oct 19, 2015 at 18:23

barrypicker's user avatar

barrypickerbarrypicker

9,82511 gold badges65 silver badges79 bronze badges

6

TL;DR;

In most cases, granting access to the following account(s) (one|both) will be enough:

  1. IIS AppPool\DefaultAppPool
  2. IUSR

with Access Rights:

  1. Read & Execute
  2. List folder contents
  3. Read

That’s it!

Read on for a more detailed explanation…


  1. Open IIS and select your application.
  2. On the right side click on Authentication.
  3. Select «Anonymous authentication»
    here.
  4. The following dialog pops up.

enter image description here

Grant access to the web application folder’s ACL depending what is selected in the pic above:

  • Specific user: grant access for both IUSR (in my case) + IIS AppPool\DefaultAppPool
  • Application pool identity: grant access for IIS AppPool\DefaultAppPool only

IIS AppPool\DefaultAppPool account is the default AppPool account for new IIS web applications, if you have set a custom account, use the custom one.


Give the following permissions to the account(s):

  1. Read & Execute
  2. List folder contents
  3. Read

enter image description here

answered Jun 4, 2017 at 21:39

Legends's user avatar

LegendsLegends

21.3k16 gold badges98 silver badges123 bronze badges

1

Since you’re dealing with static content…

On the folder that acts as the root of your website- if you right click > properties > security, does «Users» show up in the list? if not click «Add…» and type it in, be sure to click «Apply» when you’re done.

answered Nov 8, 2013 at 23:34

joelmdev's user avatar

joelmdevjoelmdev

11.1k10 gold badges65 silver badges89 bronze badges

Community's user avatar

answered Jun 9, 2014 at 17:48

c-chavez's user avatar

c-chavezc-chavez

7,2575 gold badges35 silver badges49 bronze badges

  1. Create a new Site, Right Click on Sites folder then click add Site
  2. Enter the site name.
  3. Select physical path
  4. Select Ip Address
  5. Change Port
  6. Click OK
  7. Go to Application Pools
  8. Select the site pool
  9. Right-click the click Advance Settings
  10. Change the .Net CLR Version to «No Manage Code»
  11. Change the Identity to «ApplicationPoolIdentity»
  12. Go to Site home page then click «Authentication»
  13. Right-click to AnonymousAuthentication then click «Edit»
  14. Select Application Pool Identity
  15. Click ok
  16. boom!

for routes add a web.config

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="React Routes" stopProcessing="true">
                    <match url=".*" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                        <add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="/" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

answered Aug 12, 2020 at 11:56

Aevi Rontos's user avatar

Just in case anyone else runs into this. I troubleshooted all of these steps and it turns out because I unzipped some files from a MAC, Microsoft automatically without any notification Encrypted the files. After hours of trying to set folder permissions I went in and saw the file names were green which means the files were encrypted and IIS will throw the same error even if folder permissions are correct.

answered May 8, 2019 at 22:16

Joe's user avatar

JoeJoe

2345 silver badges18 bronze badges

1

Please enable the following items in Windows 2012 R2

enter image description here

answered Dec 30, 2019 at 17:28

user2907940's user avatar

If you are working with Application Pool authentication (instead of IUSR), which you should, then this list of checks by Jean Sun is the very best I could find to deal with 401 errors in IIS:


Open IIS Manager, navigate to your website or application folder where the site is deployed to.

  1. Open Advanced Settings (it’s on the right hand Actions pane).
  2. Note down the Application Pool name then close this window
  3. Double click on the Authentication icon to open the authentication settings
  4. Disable Windows Authentication
  5. Right click on Anonymous Authentication and click Edit
  6. Choose the Application pool identity radio button the click OK
  7. Select the Application Pools node from IIS manager tree on left and select the Application Pool name you noted down in step 3
  8. Right click and select Advanced Settings
  9. Expand the Process Model settings and choose ApplicationPoolIdentityfrom the «Built-in account» drop down list then click OK.
  10. Click OK again to save and dismiss the Application Pool advanced settings page
  11. Open an Administrator command line (right click on the CMD icon and select «Run As Administrator». It’ll be somewhere on your start menu, probably under Accessories.
  12. Run the following command:

    icacls <path_to_site> /grant "IIS APPPOOL\<app_pool_name>"(CI)(OI)(M)
    

    For example:

    icacls C:\inetpub\wwwroot\mysite\ /grant "IIS APPPOOL\DEFAULTAPPPOOL":(CI)(OI)(M)
    

Especially steps 5. & 6. are often overlooked and rarely mentioned on the web.

answered Jan 10, 2020 at 10:38

Jpsy's user avatar

JpsyJpsy

20.1k7 gold badges118 silver badges115 bronze badges

  • Уголовное дело врачебная ошибка
  • Удаленный сервер возвратил ошибку 502 недопустимый шлюз еиас мониторинг
  • Удаленный сервер возвратил ошибку 227 entering passive mode
  • Увлажнитель воздуха skydew rhf 3318s ошибка е3
  • Уголовно правовое значение фактических ошибок при совершении преступления