IIS 7 and Above
How to revert back to IUSR for anonymous access?
Last post Oct 11, 2017 11:39 AM by SuperJoeCharboneau
Oct 10, 2017 12:40 PM|SuperJoeCharboneau|LINK
While troubleshooting an anonymous access issue the anonymous access was set to the Application Pool Identity. I'm trying to revert it back to the default IUSR account but I'm not having success.
What is the best/proper method for reverting back to the builtin IUSR account?
Oct 10, 2017 01:13 PM|lextm|LINK
I'm trying to revert it back to the default IUSR account but I'm not having success.
What have you tried? https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/anonymousauthentication If
you use IIS Manager to set IUSR as anonymous user, leave the password fields blank.
Oct 10, 2017 01:35 PM|SuperJoeCharboneau|LINK
I have, but I get a 401.2 - confirmed IUSR has read-access on the folder and the particular page I'm calling.
What is odd is I have another site on the same server where the IUSR works fine.
Oct 11, 2017 03:54 AM|Yuk Ding|LINK
The server could return 401.2 when you failed to authenticate the user or you did not even enable the authentication. First of all, please check whether your applicationhost.config have a section just like this:
<location path="Default Web Site">
<anonymousAuthentication userName="IUSR" />
Even if you don't set the IUSR from configuration editor, the password field in auhthentication->anonymous authentication->edit->specific user-> could leave the password blank.
Biesdes, please check whether the anonymous user is allowed in authorization rule just like:
<add accessType="Allow" users="*" verbs="GET.POST" />
<add accessType="Allow" users="?" />
In addition, the process monitor could help you troubleshooting the 401.2 error
Just ensure the anonymous user IUSR has read/write permission in both NTFS and authorization rule level.
If the steps above not working, you could try to remove the whole location path section to inherit the parent configuration or reinstall the IIS anonymous authentication form turn windows features on or off.
Oct 11, 2017 11:39 AM|SuperJoeCharboneau|LINK
Thank you Yuk. I think we found the root cause, the customer put a bit a code in their application to force Windows auth.