401.2 Unauthorized – Invalid Authentication Headers When Using Anonymous Authentication
Nearly all of the posts that I’ve seen on the “401.2 Unauthorized” issue discuss issues with getting Windows Authentication working correctly. This post is not one of those, and it does not address how to resolve this error message when attempting to use Windows Authentication. The following post discusses how to get anonymous authentication back up and running after experiencing this error message.
Surprisingly enough, this issue is not directly caused by any of the following issues listed by the error message:
- No authentication protocol (including anonymous) is selected in IIS.
- Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
- Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
- The Web server is not configured for anonymous access and a required authorization header was not received.
- The “configuration/system.webServer/authorization” configuration section may be explicitly denying the user access.
It is, however, caused by an incorrectly configured user used during anonymous authentication. This may due to the user’s password changing after being configured within IIS or the user account being disabled or deleted.
To resolve this, go to the Internet Information Services (IIS) Manager and navigate to the website that is experiencing the problem.
Click “Authentication” under “IIS”.
Then, click “Anonymous Authentication” and click “Edit…” on the right sidebar.
Select the appropriate option from the dialog and enter the correct credentials (if required) and click “OK”.
Refresh your website and your problem should be resolved.
This entry was posted on Saturday, August 3rd, 2013 at 10:46 pm and is filed under Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.