web site configuration
Your web.config is set up properly. Further, ensure the IIS site/app is configured as:
- to NOT allow anonymous access
- forcing Integrated Windows authentication
- leave the app pool as Network Service
IIS7
- ensure you have the Windows Authentication security feature installed in Roles & Features.
- In IIS7, go to the IIS or Features View, double-click Authentication.
- On the Authentication page, select Windows Authentication
- On the Authentication page, disable Anonymous Authentication
- MSDN article
IIS6
Find the dialog below at
- Control Panel / Administrative Tools -> IIS Manager -> Right click Web site -> Properties -> Directory Security
Maybe it can be useful: I started to receive 401.2. error in .ASPX application (no changes in the app made), in protected path amd Forms auth.:
<authentication mode="Forms">...</authentication>...<location path="Admin"> <system.web> <authorization> <allow roles="Admin,Client" /> <deny users="*" /> </authorization> </system.web></location>
AFTER launching of other MVC applications on same computer/IIS. It seems MVC changed something in server's config (routes, I believe). Any playing with Authentication in IIS (computer/server/site) did not help. But Next helped: I have changed Application pool from .Net 4.5 to .Net 4.5 Classic for the web application. The difference in pool Managed pipeline mode, Integrated/Classic.