HTTP 403 Forbidden: Access is denied ASP.NET Web API

Question

I'm getting the following error when running our ASP.NET Web API project on our production server.

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

Looking at the IIS 7.0 error logs the underlying error is

403.14 - Directory listing denied.

I have configured the production server so it has the same settings as the staging server (which works). The authentication, modules, authorization, permissions etc are all identical.

Following a suggestion in this thread 403 - Forbidden: Access is denied. ASP.Net MVC I have managed to get it working by adding runAllManagedModulesForAllRequests="true" to my web.config file.

<modules runAllManagedModulesForAllRequests="true">

Whilst this works I don't see this as a long term solution as it will cause unnecessary load on the server.

So it seems to indicate that something isn't getting loaded that should be getting loaded.

Answer 1

In my case, someone deleted default Asp Net MVC Home/Index route in RouteConfig.

After placing this code back to the RouteConfig.cs in RegisterRoutes method the problem was gone.

    routes.MapRoute(
        name: "Default",
        url: "{controller}/{action}/{id}",
        defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
    );

Answer 2

You can follow this approach while deploying the application to production environment.

1. Publish the application in release mode.
2. Put your application in inetpub -- wwwroot folder because this folder have administrator rights.

Hopefully it should run.

Answer 3

The above error will pop up when you do not have the permission to access the folder/web.config file.

Try the following

1. In Windows Explorer, locate the web.config file that is associated with the application.
2. Right-click the web.config file
3. Click Properties.
4. Click the Security tab, and then click Edit.
5. Click Add.
6. In the Enter the object names to select box, IUSR, click Check Names, and then click OK.
7. Provide Full control, and then click OK.
8. In the Web.config Properties dialog box, click OK.

I think it should work .

Answer 4

如果它对任何人有帮助，我的问题是我的发布选项设置为“允许预编译站点可更新”，而我在部署的 API 中缺少文件“PrecompiledApp.config”。

Answer 5

I recently faced same issue while configuring my site on iis (https). In my case, tried several solutions like:

1. Folder security and access rights, I gave IIS_USER access even to test gave everyone access on deployed folder also change IIS permission but no luck.
2. Enabled "Directory Browsing" but no luck
3. Enabled "Anonymous Authentication" but no luck
4. Reinstall https SSL certificate since using https but no luck

and several hit and try and at last I found!!!!

It was very tiny problem I choose " Precompile during publishing " while publishing my website/APIs and when i unchecked this option everything become normal and start working fine, not sure actual reason why this happen but to resolve you may try as showing in picture (visual studio 2019) below:

Answer 6

My specific situation was that I had basic authentication and on the API controller in the Authorize decorator the role did not matchup with the role of the user I supplied for authentication. eg. [Authorize(AuthenticationSchemes =BasicAuthenticationHandler.SchemeName , Roles = "Tester") ]

Answer 7

We missed deployment configuration, application pool associated with the application not exists. I created an application pool with the same name and this error has gone away.