I am trying to get started with using IIS. I created a new site on IIS Manager, mapped it to a folder on my file system and added index.html to the folder. I have set the port to 85 for this site. When I try to access http://localhost:85/index.html, I get the following error message:

401.3 - unathorized - You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

I gave read access to everybody on the folder and tried again. I could then access the page.

I then compared the properties of my folder with that of wwwroot. I found that wwwroot had read access on IIS_IUSRS...When I did the same on my folder and tried again, I got the above error again. I checkedthat anonymous access is enabled by default, but I still get this error.

Why does this happen? What is the correct way to resolve the problem?

I have struggled on this same issue for several days. It can be solved by modifying the security user access properties of the file system folder on which your site is mapped. But IIS_IUSRS is not the only account you must authorize.

• In IIS management console, in the Authentication part of the configuration of your site, modify the "Anonymous authentication" line and check the account set as "Specific user" (mint is IUSR).
• Give read and execution permission on the folder of your site to that account.

OR

• In IIS management console, in the Authentication part of the configuration of your site, modify the "Anonymous authentication" line by selecting "Identity of the application pool" instead of "Specific user".

Here is what worked for me.

1. Set the app pool identity to an account that can be assigned permissions to a folder.
2. Ensure the source directory and all related files have been granted read rights to the files to the account assigned to the app pool identity property
3. In IIS, at the server root node, set anonymous user to inherit from app pool identity. (This was the part I struggled with)

To set the server anonymous to inherit from the app pool identity do the following..

• Open IIS Manager (inetmgr)
• In the left-hand pane select the root node (server host name)
• In the middle pane open the 'Authentication' applet
• Highlight 'Anonymous Authentication'
• In the right-hand pane select 'Edit...' (a dialog box should open)
• select 'Application pool identity'

Since you're dealing with static content...

On the folder that acts as the root of your website- if you right click > properties > security, does "Users" show up in the list? if not click "Add..." and type it in, be sure to click "Apply" when you're done.

TL;DR;

In most cases granting access to the following account(s) (one|both) will be enough:

1. IIS AppPool\DefaultAppPool
2. IUSR

with Access Rights:

1. Read & Execute
2. List folder contents
3. Read

That's it!

Read on for a more detailed explanation...

1. Open IIS and select your application.
2. On the right side click on Authentication.
3. Select "Anonymous authentication" here.
4. The following dialog pops up.

Grant access to the web application folder's ACL depending what is selected in the pic above:

• Specific user: grant access for both IUSR (in my case) + IIS AppPool\DefaultAppPool
• Application pool identity: grant access for IIS AppPool\DefaultAppPool only

IIS AppPool\DefaultAppPool account is the default AppPool account for new IIS web applications, if you have set a custom account, use the custom one.

Give the following permissions to the account(s):

1. Read & Execute
2. List folder contents
3. Read

That's it.

Try this solution:

https://serverfault.com/questions/38222/iis-7-5-windows-7-http-error-401-3-unauthorized

Also check if the user running the IIS AppPool has read access to that folder/file.

Have a look at this:

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Also have a look at this:

http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis