IIS 7.5 on Windows 7: How to fix “HTTP Error 401.3 – Unauthorized”

If you try to run a web application on IIS 7.5 and Windows 7 and you get the following error

HTTP Error 401.3 – Unauthorized
You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

it is most likely because of missing or wrong NTFS permissions. In detail, the identity that is used by the IIS web-server for “Anonymous Authentication” needs read permission on the web application’s physical folder. By default this identity is set to “IUSR“. To solve the HTTP Error 401.3 you could either

  • Grant read permissions on the web application’s physical folder for the IUSR user or
  • change the identity that is used for “Anonymous Authentication” to a user that has the required read permissions. In order to change the identity use the IIS Manager, select the website, select “Authentication” (in section IIS), right click on “Anonymous Authentication”, run edit action and define a “Specific user”.