HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely cause:
No authentication protocol (including anonymous) is selected in IIS.
# Run come Administrator
.\scripts\Fix-401Error.ps1Lo script:
- ? Verifica configurazione autenticazione corrente
- ? Disabilita Windows Authentication in IIS
- ? Abilita Anonymous Authentication in IIS
- ? Verifica le modifiche
- ? Controlla web.config per override
- ? Riavvia App Pool
- ? Testa il sito
Import-Module WebAdministration
# Abilita Anonymous Authentication
Set-WebConfigurationProperty `
-Filter /system.webServer/security/authentication/anonymousAuthentication `
-Name enabled `
-Value true `
-PSPath "IIS:\Sites\SecureBootDashboard.Web"
# Disabilita Windows Authentication
Set-WebConfigurationProperty `
-Filter /system.webServer/security/authentication/windowsAuthentication `
-Name enabled `
-Value false `
-PSPath "IIS:\Sites\SecureBootDashboard.Web"
# Verifica
Get-WebConfigurationProperty `
-Filter /system.webServer/security/authentication/* `
-Name enabled `
-PSPath "IIS:\Sites\SecureBootDashboard.Web"
# Restart
Restart-WebAppPool "SecureBootDashboard.Web"
Start-Sleep -Seconds 5
# Test
Invoke-WebRequest -Uri "https://secbootsrv.mslabs.local" -UseBasicParsing -SkipCertificateCheck- Apri IIS Manager
- Naviga a Sites ? SecureBootDashboard.Web
- Doppio click su "Authentication"
- Seleziona "Anonymous Authentication"
- Click su "Enable" nel pannello Actions
- Seleziona "Windows Authentication"
- Click su "Disable" nel pannello Actions
- Riavvia il sito
| Passo | Azione | Risultato |
|---|---|---|
| 1 | Disabilitato Windows Auth per risolvere conflitto | ? App si avvia |
| 2 | Ma Anonymous Auth non abilitata | ? 401.2 Error |
| 3 | IIS dice "Non so come autenticare!" | ? Errore |
Browser Request
?
IIS (Anonymous Auth ENABLED)
?
Passa richiesta anonima a ASP.NET Core
?
ASP.NET Core Negotiate Handler
?
Chiede credenziali Windows al browser
?
Browser invia credenziali NTLM/Kerberos
?
ASP.NET Core autentica utente
?
? SUCCESS
| Autenticazione | IIS | ASP.NET Core |
|---|---|---|
| Windows | ? DISABLED | ? ENABLED (Negotiate) |
| Anonymous | ? ENABLED | ? (Pass-through) |
| Basic | ? DISABLED | ? DISABLED |
# Controlla IIS settings
$sitePath = "IIS:\Sites\SecureBootDashboard.Web"
Write-Host "Windows Auth:" (Get-WebConfigurationProperty `
-Filter /system.webServer/security/authentication/windowsAuthentication `
-Name enabled -PSPath $sitePath).Value
Write-Host "Anonymous Auth:" (Get-WebConfigurationProperty `
-Filter /system.webServer/security/authentication/anonymousAuthentication `
-Name enabled -PSPath $sitePath).Value
# Expected Output:
# Windows Auth: False
# Anonymous Auth: True$response = Invoke-WebRequest -Uri "https://secbootsrv.mslabs.local" `
-UseBasicParsing `
-SkipCertificateCheck
Write-Host "Status: $($response.StatusCode)"
# Expected: 200 (or 302 redirect to login)Apri il browser e vai a: https://secbootsrv.mslabs.local
Comportamento Atteso:
- Browser chiede credenziali Windows (popup o automatico)
- Dopo login, vedi la dashboard
- Dashboard mostra il tuo username Windows
Se vedi:
- ? HTTP 200 + Dashboard ? SUCCESS
- ? HTTP 302 Redirect ? Normal (redirect a login)
- ? HTTP 401 ? Anonymous Auth non abilitata correttamente
IIS Manager ? Sites ? SecureBootDashboard.Web ? Authentication
Dovrebbe mostrare:
Anonymous Authentication: ? Enabled
Windows Authentication: ? Disabled
$webConfig = "C:\inetpub\SecureBootDashboard.Web\web.config"
Select-String -Path $webConfig -Pattern "authentication|windowsAuthentication|anonymousAuthentication"Se trovi tag <authentication> o <windowsAuthentication>, potrebbero sovrascrivere le impostazioni IIS.
iisreset
Start-Sleep -Seconds 10# Stdout logs
Get-Content "C:\Logs\SecureBootDashboard\stdout-*.log" -Tail 30
# Event Viewer
Get-EventLog -LogName Application -Source "*AspNetCore*" -Newest 5| Errore | Causa | Fix |
|---|---|---|
| HTTP 500.30 | CLR worker thread | ? Changed hostingModel |
| InvalidOperationException | Windows Auth conflict | ? Disabled IIS Windows Auth |
| HTTP 401.2 | No auth protocol | ? Enabled Anonymous Auth |
- IIS Windows Authentication: Disabled
- IIS Anonymous Authentication: Enabled
- App Pool riavviato
- Site testa OK (HTTP 200 o 302)
- Browser chiede credenziali Windows
- Dashboard mostra username autenticato
- Nessun errore in stdout logs
- Nessun errore in Event Viewer
# Fix completo
.\scripts\Fix-401Error.ps1
# Solo verifica
Get-WebConfigurationProperty -Filter /system.webServer/security/authentication/* -Name enabled -PSPath "IIS:\Sites\SecureBootDashboard.Web"
# Solo restart
Restart-WebAppPool "SecureBootDashboard.Web"
# Test
Invoke-WebRequest -Uri "https://secbootsrv.mslabs.local" -UseBasicParsing -SkipCertificateCheckDopo il fix:
- ? Sito accessibile
- ? Windows Authentication funziona
- ? Utenti vedono prompt login Windows
- ? Dashboard mostra dati con autenticazione
- ? Nessun errore 401 o 500
Versione: 1.3.4 (401.2 Fix)