Problem

I recently came across this error while upgrading an old ASP.NET application from IIS6 to IIS7…

401 Unauthorized: Access is denied due to invalid credentials

401 Error

How to fix it

Our ASP.NET application was using Windows Authentication to authenticate users.

It turned out that IIS7 was trying to use Kerberos authentication by default rather than NTLM.

The solution is to either configure Kerberos authentication or you can you can change the default security provider in IIS7 by ….

  1. Opening the IIS Manager Console
  2. Navigate to the web site
  3. Click the “Authentication” menu item
  4. Click the “Windows Authentication” provider
  5. Click the “Providers” link from the right hand menu
  6. Move “NTLM” to the top of the authentication providers list, above “Negotiate”
IIS7 Authentication Providers
Shane Bartholomeusz
Latest posts by Shane Bartholomeusz (see all)