You do not have permission to view this directory or page using the credentials that you supplied.
Every time IIS (Internet Information Services) is given a folder to access with information on a website, the 403 error page will appear if the right permissions are not given to the folder. It is a simple fix, but I don’t know why Microsoft hasn’t posted a proper answer on their KB, MSDN or their other support forums on this issue.
If you have just created an HTTP/HTTPS site on IIS 7/8/9/10 (true for most other IIS installs as well), you need to assign IIS_IUSRS security permissions to your assigned web folder. The following steps 1 to 7 describes the procedure.
1. Right click on the folder (the folder you assigned for web access in IIS)
2. Choose “Properties” (or “Edit Permissions” if you right clicked while inside the IIS window)
3. Go to “Security” tab
4. In the top box, “Group or user names”, open “Edit…” (will take you to Permissions window)
5. You will most likely cannot fine IIS_IUSRS in the list; open, “Add..”
6. In the box at the very bottom, “Enter the object names to select (examples):” enter IIS_IUSRS
7. Click OK and make sure in the Permissions window, you have allowed, Read & execute, List folder contents and Read
In a nutshell; Right click -> Properties/Edit Permissions -> Security (TAB) -> Edit (under Group or user names) -> Add (IIS_IUSRS) -> OK (make sure the right permissions described in steps 7 are there)
Other Solution
Another solution is to edit the following registry keys from Registry Editor. You can access the Register Editor in multiple ways. Type regedit on Window Search or open run and type regedit and enter will open the editor. Make sure you access the Registry Editor with Administrator privileges.
1. Once you open the Registry Editor, navigate to the location: HKEY_LOCAL_MACHINESystemCurrentControlSetControlSecurityProvidersSCHANNEL
2. Create a new DWORD (32-bit Value) entry name “ClientAuthTrustMode
3. Enter “2” in the Value data field (no revocation check).
Standing on the shoulders of giants
I use cookies to optimize site functionality and improve your experience. By continuing to use this site, you accept the use of cookies stated under Privacy Policy and Terms of Use. Read More ACCEPT
In a previous post, you learned how to troubleshoot 401 – Unauthorized: Access is denied due to invalid credentials. In this post, we will cover how to troubleshoot HTTP Error 403.14 – Forbidden in Internet Information Services (IIS).
Contents
- HTTP Error 403.14 – Forbidden
- Cause of error
- Resolving the error
- Directory browsing is not enabled
- Enable directory browsing using the IIS Manager
- Default document is not configured
- ASP.NET is not installed on the server
- Common 403 substatus codes
- Conclusion
- Author
- Recent Posts
Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog.
HTTP Error 403.14 – Forbidden
HTTP Error 403.14 Forbidden
The HTTP Error 403.14 – Forbidden is displayed when you try to access a website hosted on IIS having detailed errors enabled. As you can see in the screenshot, the error page says The Web server is configured to not list the contents of this directory and also indicates the most likely causes of this error.
If the detailed errors are not enabled, you will see a custom error page with a generic message: 403 –Forbidden: Access is denied.
403 Forbidden Access is denied
Cause of error
As indicated by the detailed error page, there are three likely causes of this error:
- Directory browsing is not enabled—Directory browsing is the ability of a web server to list the contents of the website’s root directory in a web browser. The following screenshot shows what a website looks like when directory browsing is enabled:
What a website looks like in a browser when directory browsing is enabled
As you can see in the screenshot, directory browsing enables visitors to view files and browse through the directories. The chances are pretty slim that you want your website to look like this.
- Default document is not configured—The default document is a file that is served by the web server when the client does not specify a particular file in a uniform resource locator (URL). By default, web server software recognizes file names such as default.htm, default.html, default.aspx, index.html, index.htm, etc. The following screenshot shows a list of default documents supported by IIS:
Viewing the default document for a website in the IIS Manager
To add a custom default document (e.g., awesomehome.html), click Add and then type the name of the default document. You could even change the order of documents by selecting one and then clicking the Move Up or Move Down options in the Actions pane on the right.
- The ASP.NET feature is not installed on the server—The default documents, such as aspx and index.html, only work with websites that use traditional frameworks. With modern frameworks and programming technologies such as MVC, the default pages are defined and handled right inside the application code by the developers. So, if your website is using MVC or a similar technology, you need to install the ASP.NET feature on the server. See how to install ASP.NET on the web server.
Resolving the error
We covered the possible causes of this error in the previous section. Now, depending on your scenario, you could try the following steps to fix this error:
Directory browsing is not enabled
If you know that your website should list the contents of the root directory so that visitors can browse the files and folders, you need to enable the Directory Browsing option, using either the IIS Manager or the web.config file.
Enable directory browsing using the IIS Manager
Open the IIS Manager, select your website, and then double-click the Directory Browsing option under IIS in Feature view.
Viewing the directory browsing feature in the IIS Manager
Now click Enable in the Actions pane on the right.
Enabling directory browsing using IIS manager
Enable directory browsing using the web.config file
If you’re using a shared hosting server, you could enable directory browsing using the web.config file itself:
Open the web.config file and paste the following code between the <system.webServer> and </system.webServer> tags:
<directoryBrowse enabled="true" />
Enable directory browsing using the web.config file
Default document is not configured
If your website uses a traditional framework and you see a file with a name such as default.aspx, index.html, or index.php in the website’s root directory, make sure the same filename is also available in the list of default documents. You could even ask the developer about the name of the default document for your website. For instance, I know that my website is supposed to use home.html as the default document. Therefore, I will add it either using the IIS Manager or the web.config file. See the following screenshots for reference:
Adding a default document for the website using the IIS Manager
Adding a default document to a website using the web.config file
ASP.NET is not installed on the server
If neither of the above solutions works, it is likely that your website is using MVC or a similar technology that requires the ASP.NET development feature on the server, and it is not currently installed. This error is common when you try to host an MVC website on a web server for the first time. To install ASP.NET, use the following PowerShell command:
Install-WindowsFeature Web-Asp-Net45 -IncludeAllSubFeature
This command installs ASP.NET 4.5 or higher on the web server, and your MVC website will start working.
If your website is supposed to use a legacy version of ASP.NET (e.g., 3.5 or below), use the following command instead:
Install-WindowsFeature Web-Asp-Net -IncludeAllSubFeature
Installing ASP.NET on a web server using PowerShell
Common 403 substatus codes
The following table covers some common HTTP 403 substatus codes, along with their possible causes and troubleshooting advice:
Subscribe to 4sysops newsletter!
Status Code | Possible Cause | Troubleshooting Advice |
403.1 | Execute access is forbidden | This error indicates that the appropriate level of the execute permission is not granted. To resolve this error, make sure the application pool identity has the execute permission. |
403.2 | Read access is forbidden | This error indicates that the appropriate level of the read permission is not granted. To resolve this error, make sure the application pool identity has the read permission. |
403.3 | Write access is forbidden | This error indicates that the appropriate level of the write permission is not granted. To resolve this error, make sure the application pool identity has the write permission. |
403.4 | An SSL connection is required | This error indicates that the request was made over a nonsecure HTTP channel but the web application is configured to require an SSL connection. |
403.13 | The client certificate has been revoked | This error indicates that the client browser tried to use a certificate that was revoked by issuing certificate authority. |
403.14 | The directory listing is denied | We covered how to fix this error above. |
Conclusion
The key to troubleshooting any IIS-related error is to enable the detailed errors. When the detailed errors aren’t helpful in revealing the actual HTTP status and substatus codes, you could use Failed Request Tracing to understand what’s going on with the HTTP request. I hope you find this post helpful.
Ok, I have scoured online resources and applied all the suggested solutions.
I am setting up a simple website on Windows Server 2008 R2 under IIS 7.5 using the “ASP.NET v4.0” pool. I am setting this up as an application under Default Web Site with a different root. I keep getting the 403 Forbidden error.
I have:
- Installed asp.net using aspnet_regiis.exe -i (many times)
- Made sure my root directory (physical path) has permissions for
“IIS_IUSR” and “IUSR” users. - Made sure “Anonymous Authentication” is enabled and set to “Application Pool Identity”
- I have restarted IIS numerous times
- I have checked and double-checked every other configuration.
What’s strange is that I have another application under Default Web Site and it works just fine.
Any suggestions will help. This shouldn’t be so hard unless I am missing something obvious.
asked Jun 20, 2012 at 2:05
dotnetsterdotnetster
1,6011 gold badge16 silver badges19 bronze badges
2
Ok, I am quite embarrassed but the over sight was that “Require SSL” was checked by default and that is the place I did not check. I guess it is because an SSL is bound to the Default Web Site. Removing that check made it work.
Hopefully this will help someone else.
answered Jun 20, 2012 at 13:18
dotnetsterdotnetster
1,6011 gold badge16 silver badges19 bronze badges
3
Haha you think that is embarrasing! This is probably the 1000th webserver I’ve installed… 30mins of 403s!! I can’t figure it out. There is a stub default.asp in there.. permissions all correct… everything!
I turned on “directory” browsing in desparation of flicking around.
default.asp.txt is sitting there….. DOH.
Need to turn OFF “known file types”… why is that setting like that anyway?
answered Jun 4, 2015 at 8:57
bendeckobendecko
2,5631 gold badge21 silver badges33 bronze badges
7
Another possible issue which leads to a 403 error:
The Global.asax
file is missing.
answered Nov 16, 2016 at 11:52
RaidriRaidri
17.1k9 gold badges61 silver badges65 bronze badges
For me the answer was in handler mappings section of IIS 7.5
Adding the following to web.config enabled all the aspx pages to work correctly
<configuration>
...
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<handlers accessPolicy="Read, Script" />
...
</system.webServer>
</configuration>
answered Nov 10, 2015 at 20:17
Grant permission to the Network Service
user in the NTFS folder
Also check the .Net authorization rules:
answered Jun 20, 2012 at 2:09
JupaolJupaol
21.1k8 gold badges68 silver badges100 bronze badges
2
Check that IP address restrictions are not blocking the request. Can check this in the logs.
(This was my embarrassing reason!)
answered Sep 21, 2016 at 11:06
GlennGGlennG
2,9722 gold badges20 silver badges25 bronze badges
Mine was even more embarrassing.
Right Click on folder,Remove READ only attribute
.
answered Aug 31, 2018 at 5:06
KumarHarshKumarHarsh
5,0041 gold badge18 silver badges22 bronze badges
For me, there was a vestigial Web.config
in C:inetpubwwwroot
with rewrite rules. Deleting it solved the problem.
answered Feb 26, 2019 at 18:29
Eric EskildsenEric Eskildsen
4,0791 gold badge38 silver badges53 bronze badges
I was facing issue on windows 7 and surprisingly it was fixed after installing service pack 1
answered Mar 27, 2019 at 15:43
You might also get this if setting up FTP for a website and you try and change the default directory for FTP on the website.
From what I can tell:
Manage FTP Site -> Advanced Settings -> Physical Path
is the same
Manage Website -> Advanced Settings -> Physical Path
Changing one will change the other and possibly cause a 403 on a working site.
answered May 13, 2019 at 4:32
я психанул снес в иисе default webсайт
у меня web application
я умею нажимать кнопку опубликоватть моего проекта
и в иисе кнопку импортделать только мне кажется что я что то не то делаю
и они пишет ошибку 403 когда по локалке пытаюсь зайти:
Ошибка сервера
403 – запрещено. Доступ запрещен.
Предоставленные учетные данные не дают права на просмотр этого каталога или страницы.
ну еще я в wwwroot все каталоги удалил
в общем что мне сейчас делать чтобы запилить сайт по локалке?
только пожалуйста не надо отвечать одним предложением что то вроде проблема в сертификатах и больше не появляться в этой теме.
если это правда просто то дайте инструкцию и зайдите потом второй раз вдруг у меня возникнут вопросы…
а они скорее всего возникнут они обычно всегда возникают спасибо
Добавлено через 21 час 24 минуты
спасибо за кучу ответов.
тему можно закрывать думаю оптимальное решшение переустановить iis
We published a folder through IIS 7.0 as below and put some files in it
https://www.example.net/mydocs
If we access the files as below through browser we are able to see it
https://www.example.net/mydocs/client.xml
https://www.example.net/mydocs/log.jpg
etc..
Now we need to write a pgm to download and upload files to this folder and we coded as below
WebClient webClient = new WebClient();
string webAddress = null;
try
{
webAddress = @"https://www.example.net/mydocs";
webClient.UseDefaultCredentials = true;
webClient.Credentials = CredentialCache.DefaultCredentials;
WebRequest serverRequest = WebRequest.Create(webAddress);
WebResponse serverResponse;
serverResponse = serverRequest.GetResponse();
serverResponse.Close();
webClient.UploadFile(webAddress + @"1.xml", "PUT", @"C:d1.xml");
webClient.Dispose();
webClient = null;
}
catch (Exception error)
{
MessageBox.Show(error.Message);
}
But it throwing and error at serverResponse = serverRequest.GetResponse();
The error is The remote server returned an error: (403) Forbidden.
Also if we try to access
https://www.example.net/mydocs
through browser we are getting the error
403 – Forbidden: Access is denied. You do not have permission to view
this directory or page using the credentials that you supplied. when
accessing the folder published through iis