IIS 403 ISSUE

 

We can try to check some of these:

 

Every time IIS (Internet Information Services) is given a folder to access with information on a website, the 403 error page will appear if the right permissions are not given to the folder. It is a simple fix, but I don’t know why Microsoft hasn’t posted a proper answer on their KB, MSDN or their other support forums on this issue.

If you have just created an HTTP/HTTPS site on IIS 7/8/9/10 (true for most other IIS installs as well), you need to assign IIS_IUSRS security permissions to your assigned web folder. The following steps 1 to 7 describes the procedure.

1. Right click on the folder (the folder you assigned for web access in IIS)

2. Choose “Properties” (or “Edit Permissions” if you right clicked while inside the IIS window)

3. Go to “Security” tab

4. In the top box, “Group or user names”, open “Edit…” (will take you to Permissions window)

5. You will most likely cannot fine IIS_IUSRS in the list; open, “Add..”

6. In the box at the very bottom, “Enter the object names to select (examples):” enter IIS_IUSRS

7. Click OK and make sure in the Permissions window, you have allowed, Read & execute, List folder contents and Read

In a nutshell; Right click -> Properties/Edit Permissions -> Security (TAB) -> Edit (under Group or user names) -> Add (IIS_IUSRS) -> OK (make sure the right permissions described in steps 7 are there)

 

Case1 changing .net version clr

 

 

 

 

Case 2

Created default document with .html name in inetpub/wwwroot

 

 

 

 

 

 

 

Case 3

 

There was a vestigial Web.config in C:\inetpub\wwwroot with rewrite rules. Deleting it solved the problem.

 

 

 

 

Case 4

Need to check IP address restrictions are not blocking the request

 

 

Case 5

"Require SSL" was checked by default and that is the place I did not check. I guess it is because an SSL is bound to the Default Web Site. Removing that check made it work.

 

 

Case 6

 

Another possible issue which leads to a 403 error:

The Global.asax file is missing.

 

 

 

Case 7

 

You might also get this if setting up FTP for a website and you try and change the default directory for FTP on the website.

From what I can tell:

Manage FTP Site -> Advanced Settings -> Physical Path

is the same

Manage Website -> Advanced Settings -> Physical Path

Changing one will change the other and possibly cause a 403 on a working site.

 

 

 

Case 8

Allow Directory Browsing from IIS. Follow below steps to allow Directory Browsing.

Open IIS.

Select Your website from Left Pane.

Double click Directory Browsing from Right Pane/Center Pane.

In Right Pane under Actions Click Enable.

 

 

 

Case9

 

It ended up being missing windows features installed.

I can't exactly point out which features are missing as I got tired of it and installed most of them, but that for sure solved my problem (and enabling directory browsing did not).

Required IIS components

The IIS components listed below satisfy the minimum requirements to run the Web Adaptor. If other IIS components are enabled, they do not need to be removed.

• Web Management Tools
• IIS 6 Management Compatibility
• IIS Metabase and IIS 6 configuration compatibility
• IIS Management Console
• IIS Management Scripts and Tools
• IIS Management Service

• World Wide Web Services
• Application Development Features
• .NET Extensibility 4.5
• ASP.NET 4.5
• ISAPI Extensions
• ISAPI Filters
• WebSocket Protocol
• Common HTTP Features
• Default Document
• Static Content
• Security
• Basic Authentication
• Request Filtering
• Windows Authentication

Case 10.

 

 

Another solution is to edit the following registry keys from Registry Editor. You can access the Register Editor in multiple ways. Type regedit on Window Search or open run and type regedit and enter will open the editor. Make sure you access the Registry Editor with Administrator privileges.

Warning!

Make sure to backup your registry files before editing. I highly recommend testing this option on a non-production virtual machine prior to editing on the production server. I am not responsible for any catastrophic failures.

1. Once you open the Registry Editor, navigate to the location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

2. Create a new DWORD (32-bit Value) entry name “ClientAuthTrustMode

3. Enter “2” in the Value data field (no revocation check).

 

Case 11

set Full permission for IIS_IUS and NETWORK SERVICE

 

 

Case 12

 

 

1.Right click the folder which you hosted the application and select property.

2.Select the Security tab

3.Click the Edit button and then Add button

4.Click the Locations button and make sure that you select your computer.

5.Enter IIS AppPool\ (eg: IIS AppPool\smartcrypt) in the Enter the object names to select: text box.

6.Click the Check Names button and click OK.

7.Check Modify under the Allow column, and click OK, and OK.

 

 

 

Case 13

 

403.1 - Execute access forbidden.
You do not have enough Execute permissions. For example, you may receive this error message if you try to access an ASPX page in a directory where permissions are set to None, or you try to execute a CGI script in a directory with Scripts Only permissions.

To modify the Execute permissions, right-click the directory in Microsoft Management Console (MMC), click Properties, click the Directory tab, and make sure that the Execute Permissions setting is appropriate for the content that you are trying to access.

 

 

Case 14

 

To resolve this problem, follow these steps:Click Start, type Inetmgr in the Start Search box, right-click Inetmgr in the Programs list, and then click Run as administrator.

If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.

In IIS Manager, locate the level that you want to manage.

In Features view, double-click Handler Mappings.

In the Action pane, click Edit Handler Permissions.

click to select Script, and then click OK.

or click to select Execute, and then click OK.