未授权: 由于凭据无效，访问被拒绝

Make sure that you enabled anonymous authentication on iis like this:

If you're using IIS 7 do something like this:

1. Select your site.
2. Click on error pages.
3. Edit feature settings.
4. Select detailed errors.

In case anyone is still looking for this, this solved the problem for us:

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1. Open IIS and select the website that is causing the 401
2. Open the "Authentication" property under the "IIS" header
3. Click the "Windows Authentication" item and click "Providers"
4. For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Here is the link where this was found.

I realize its an old question, but this came up in my searches. Had a similar issue for an MVC application recently built, deployed for the first time, and Authentication mechanism wasn't completely hashed out.

It wasn't an IIS setting in my case, it was a Controller that was not [AllowAnonymous] decorated. I was using a Render.Action/Html.Action in a Layout.cshtml and the User was unauthenticated. So the Layout tried to load an Authenticated Action in an UnAuthenticated context.

Once I updated the action to AllowAnonymous, the problem went away, and this is what led me to it.

Hope this helps someone.

I realize this is an older post but I had the same error on IIS 8.5. Hopefully this can help another experiencing the same issue (I didn't see my issue outlined in other questions with a similar title).

Everything seemed set up correctly with the Application Pool Identity, but I continued to receive the error. After much digging, there is a setting for the anonymous user to use the credentials of the application pool identity or a specific user. For whatever reason, mine was defaulted to a specific user. Altering the setting to the App Pool Identity fixed the issue for me.

1. IIS Manager → Sites → Website
2. Double click "Authentication"
3. Select Anonymous Authentication
4. From the Actions panel, select Edit
5. Select Application pool Identity and click ok

Hopefully this saves someone else some time!

I faced similar issue.

The folder was shared and Authenticated Users permission was provided, which solved my issue.

i faced the same issue under IIS 8.5. A working solution for me was changing the IIS to display detailled errors. See answer from sna2stha. But i think it is not a good idea to forward detailed error messages to browsers in production enviroments. I added/changed the existingResponse attribute in the httpErrors-Section, so the IIS not handled any extisting Asp.net Response:

<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>

This works for me.

I had a similar issue today. For some reason, my GET request was fine, but PUT request was failing for my WCF WebHttp Service

Adding the following to the Web.config solved the issue

 <system.web>
<authentication mode="Forms" />
</system.web>

I faced this error when I created an empty project with the MVC folders and then deployed the application to the server. My issue was that I didn't define the authentication in Web.config, so all I had to do was add this line to a system.web tag.

<system.web>
<authentication mode="None"/>
</system.web>

In my case,
My application is developed in MVC and my home controller class was decorated with [Authorize] which was causing this issue.
So I've removed it because my application don't require any authentication.

I had a permissions issue to a website and just couldn't get Windows authentication to work. It was a folder permissions rather than ASP.NET configuration issue in the end and once the Everyone user was granted permissions it started working.

I had a slightly different problem. The credential problem was for the underlying user running the application, not the user trying to login. One way to test this is to go to IIS Management -> Sites -> Your Site -> Basic Settings -> Test Settings.

In my case, what made it work was changing the Anonymous User identity from Specific user (IUSR) to Application Pool Identity. Weird enought because other sites are using the specific user IUSR and work fine.

I had this issue on IIS 10. This is how I fixed it.

1. Open IIS
2. Select The Site
3. Open Authentication
4. Edit Anonymous Authentication
5. Select Application Pool Identity

As so many answers have demonstrated, the error might be caused by a variety of reasons. In my case it was connected to authorization rules: they were added much later after the application was deployed. This feature of IIS is turned on as a Windows component (World Wide Web Services->Security->URL Authorization).

This particular section inside web.config was to blame:

<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Deny" users="?" />
<add accessType="Deny" users="user1,user2" />
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>

Thus the record for users="?" blocked access to a path with anonymous authentication too since it inherited the rules by default. However, in IIS you can go to a particular folder/file that should be accessed anonymously and choose Authorization Rules:

Here it's possible to overwrite the rules locally by removing the old one and optionally adding the allowed rule instead to make it more explicit:

You can press F4 on the web project to get the "Project Properties" window.

Then make sure Anonymous Authentication is Enabled in the "Development Server" section:

Right click on the main directory where the project files are located.

Properties-> Security-> Edit-> Add-> type IIS_IUSRS and click on "Check Names" button.

The result will look like ComputerUsername\IIS_IUSRS

For example: DESKTOP-M0R6PVF\IIS_IUSRS

and then click on "Ok" button.