401 - Unauthorized On Server 2008 R2 IIS 7.5
Solution 1:
Sometimes you have to take a step back... The cause of this was I had a Html.RenderAction()
in my view that called an action method that was marked with the [Authorize]
attribute.
Solution 2:
Since it works locally but not remotely, it sounds to me like the anonymous user account doesn't have access to something, but your windows user does. To prove this, turn off Windows Authentication for the website and see if it breaks locally.
Whatever is breaking is likely running as your website identity instead of your app pool identity, otherwise it would break locally and remotely. My recommendation if you have 1 to 1 mappings of sites to app pools, or you have a highly trusted environment, is to set the anonymous user account to use the app pool identity. Then you don't need to worry about a 2nd user to maintain.
You mentioned process explorer. That's good for finding running info, but the tool that will likely uncover access denied errors is processmon (also from sysinternals). Try it, repro and capture, then search for the word 'denied'. It should turn up any access denied issues on disk.
Solution 3:
You will have this same behavior when you have a filter for custom authorization that inherits from AuthorizeAttribute
and one or more calls to OnAuthorization
method , with one of them setting AuthorizationContext.Result
to `HttpUnauthorizedResult'