In a previous post, you learned how to troubleshoot 401 – Unauthorized: Access is denied due to invalid credentials. In this post, we will cover how to troubleshoot HTTP Error 403.14 – Forbidden in Internet Information Services (IIS).
Contents
- HTTP Error 403.14 – Forbidden
- Cause of error
- Resolving the error
- Directory browsing is not enabled
- Enable directory browsing using the IIS Manager
- Default document is not configured
- ASP.NET is not installed on the server
- Common 403 substatus codes
- Conclusion
- Author
- Recent Posts
Surender Kumar has more than twelve years of experience in server and network administration. His fields of interest are Windows Servers, Active Directory, PowerShell, web servers, networking, Linux, virtualization, and penetration testing. He loves writing for his blog.
Latest posts by Surender Kumar (see all)
- Extending LVM space in Ubuntu — Thu, Feb 2 2023
- Backup in Proxmox VE — Thu, Jan 26 2023
- Snapshots in Proxmox VE — Wed, Jan 25 2023
HTTP Error 403.14 – Forbidden
HTTP Error 403.14 Forbidden
The HTTP Error 403.14 – Forbidden is displayed when you try to access a website hosted on IIS having detailed errors enabled. As you can see in the screenshot, the error page says The Web server is configured to not list the contents of this directory and also indicates the most likely causes of this error.
If the detailed errors are not enabled, you will see a custom error page with a generic message: 403 –Forbidden: Access is denied.
403 Forbidden Access is denied
Cause of error
As indicated by the detailed error page, there are three likely causes of this error:
- Directory browsing is not enabled—Directory browsing is the ability of a web server to list the contents of the website’s root directory in a web browser. The following screenshot shows what a website looks like when directory browsing is enabled:
What a website looks like in a browser when directory browsing is enabled
As you can see in the screenshot, directory browsing enables visitors to view files and browse through the directories. The chances are pretty slim that you want your website to look like this.
- Default document is not configured—The default document is a file that is served by the web server when the client does not specify a particular file in a uniform resource locator (URL). By default, web server software recognizes file names such as default.htm, default.html, default.aspx, index.html, index.htm, etc. The following screenshot shows a list of default documents supported by IIS:
Viewing the default document for a website in the IIS Manager
To add a custom default document (e.g., awesomehome.html), click Add and then type the name of the default document. You could even change the order of documents by selecting one and then clicking the Move Up or Move Down options in the Actions pane on the right.
- The ASP.NET feature is not installed on the server—The default documents, such as aspx and index.html, only work with websites that use traditional frameworks. With modern frameworks and programming technologies such as MVC, the default pages are defined and handled right inside the application code by the developers. So, if your website is using MVC or a similar technology, you need to install the ASP.NET feature on the server. See how to install ASP.NET on the web server.
Resolving the error
We covered the possible causes of this error in the previous section. Now, depending on your scenario, you could try the following steps to fix this error:
Directory browsing is not enabled
If you know that your website should list the contents of the root directory so that visitors can browse the files and folders, you need to enable the Directory Browsing option, using either the IIS Manager or the web.config file.
Enable directory browsing using the IIS Manager
Open the IIS Manager, select your website, and then double-click the Directory Browsing option under IIS in Feature view.
Viewing the directory browsing feature in the IIS Manager
Now click Enable in the Actions pane on the right.
Enabling directory browsing using IIS manager
Enable directory browsing using the web.config file
If you’re using a shared hosting server, you could enable directory browsing using the web.config file itself:
Open the web.config file and paste the following code between the <system.webServer> and </system.webServer> tags:
<directoryBrowse enabled="true" />
Enable directory browsing using the web.config file
Default document is not configured
If your website uses a traditional framework and you see a file with a name such as default.aspx, index.html, or index.php in the website’s root directory, make sure the same filename is also available in the list of default documents. You could even ask the developer about the name of the default document for your website. For instance, I know that my website is supposed to use home.html as the default document. Therefore, I will add it either using the IIS Manager or the web.config file. See the following screenshots for reference:
Adding a default document for the website using the IIS Manager
Adding a default document to a website using the web.config file
ASP.NET is not installed on the server
If neither of the above solutions works, it is likely that your website is using MVC or a similar technology that requires the ASP.NET development feature on the server, and it is not currently installed. This error is common when you try to host an MVC website on a web server for the first time. To install ASP.NET, use the following PowerShell command:
Install-WindowsFeature Web-Asp-Net45 -IncludeAllSubFeature
This command installs ASP.NET 4.5 or higher on the web server, and your MVC website will start working.
If your website is supposed to use a legacy version of ASP.NET (e.g., 3.5 or below), use the following command instead:
Install-WindowsFeature Web-Asp-Net -IncludeAllSubFeature
Installing ASP.NET on a web server using PowerShell
Common 403 substatus codes
The following table covers some common HTTP 403 substatus codes, along with their possible causes and troubleshooting advice:
Subscribe to 4sysops newsletter!
Status Code | Possible Cause | Troubleshooting Advice |
403.1 | Execute access is forbidden | This error indicates that the appropriate level of the execute permission is not granted. To resolve this error, make sure the application pool identity has the execute permission. |
403.2 | Read access is forbidden | This error indicates that the appropriate level of the read permission is not granted. To resolve this error, make sure the application pool identity has the read permission. |
403.3 | Write access is forbidden | This error indicates that the appropriate level of the write permission is not granted. To resolve this error, make sure the application pool identity has the write permission. |
403.4 | An SSL connection is required | This error indicates that the request was made over a nonsecure HTTP channel but the web application is configured to require an SSL connection. |
403.13 | The client certificate has been revoked | This error indicates that the client browser tried to use a certificate that was revoked by issuing certificate authority. |
403.14 | The directory listing is denied | We covered how to fix this error above. |
Conclusion
The key to troubleshooting any IIS-related error is to enable the detailed errors. When the detailed errors aren’t helpful in revealing the actual HTTP status and substatus codes, you could use Failed Request Tracing to understand what’s going on with the HTTP request. I hope you find this post helpful.
I’m developing an ASP MVC web project. Now I have a requirement which forces me to deploy to an IIS7 inmiddle of development (to check some features). I’m getting the above mentioned error message whenever I try to type the URL of the web site. (Note: development machine: Vista Home Premium, IIS7)
What I have done until now:
Edited the HOSTS file (C:WINDOWSsystem32driversetchosts).
Put two domains in it (127.0.0.1 domain1.com & 127.0.0.1 domain2.com).
Created a folder c:websitesdirOfApplication and deployed from within Visual Studio 8 to this folder.
In IIS7 created a new site with host name domain1.com and application folder the above.
Typing the address domain1.com in Web browser results in the above error (HTTP Error 403.14 — Forbidden — The Web server is configured to not list the contents of this directory.)
I think I’m missing something but don’t know what! Tryed to deploy the files System.Web.Mvc, System.Web.Abstraction & System.Web.Routing wit the same outcome. Whenever I try to hit F5 and run the application, it works fine!
psubsee2003
8,4938 gold badges62 silver badges79 bronze badges
asked Nov 16, 2009 at 10:53
savvas sopiadissavvas sopiadis
1,6842 gold badges12 silver badges11 bronze badges
1
Maybe it’s useful to someone:
After converting my app to MVC 4 with .NET framework 4.5 and installing the framework on my server with IIS 7.0 I encountered the same ‘forbidden’ error mentioned in the question. I tried all options described above to no avail, when I noticed the
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
was missing from my web.config.
After adding this, everything worked. Simple, but easy to overlook…
EDIT:
Of course the solution above will work, but it is indeed a waste of resources. I think it is better to add the routing module as pointed out by Chris Herring in the comments.
<system.webServer>
<modules>
<remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules>
</system.webServer>
answered Jun 14, 2012 at 8:43
Cyril MestromCyril Mestrom
5,8624 gold badges19 silver badges27 bronze badges
4
Answered on SO here, question: 403 — Forbidden on basic MVC 3 deploy on iis7.5
Run aspnet_regiis -i
. Often I’ve found you need to do that to get 4.0 apps to work. Open a command prompt as an Administrator
(right click the command prompt icon and select Run as Administrator):
cd
cd WindowsMicrosoft.NETFrameworkv4.xxx.xxx
aspnet_regiis -i
Once it has installed and registered, make sure you application is using an application pool that is set to .NET 4.0.
UPDATE: I just found an issue with this command. Using -i updated all application pools to ASP.NET 4.0.
Using aspnet_regiis -ir
installs the version of ASP.NET but does not change any web applications to this version. You may also want to review the -iru option.
answered Jul 13, 2011 at 21:10
6
I too ran into this error. All the configuration and permissions were correct.
But I forgot to copy Global.asax to the server, and that’s what gave the 403 error.
answered Sep 16, 2012 at 19:59
0
It’s because of being too sure about what you (me) are doing!
On my machine there is IIS 7 installed but the required ASP.NET component (Control Panel->Programs->Turn On/Off->ASP.NET) was not.
So installing this solved the problem
Greg Gum
31.6k34 gold badges151 silver badges214 bronze badges
answered Nov 16, 2009 at 12:01
savvas sopiadissavvas sopiadis
1,6842 gold badges12 silver badges11 bronze badges
1
I had the same issue. This Microsoft support article fixed it for me.
https://support.microsoft.com/en-us/help/2023146/mvc-2-and-asp.net-4-web-forms-applications-that-use-url-routing-might-return-http-404-errors-when-they-attempt-to-process-extensionless-urls-on-iis-7-and-iis-7.5
In the «Turn Windows Features On or Off» dialog box of the Windows Control Panel «Programs and Features» application, perform the following steps:
- Navigate to the following node: Internet Information Services —> World Wide Web Services —> Common HTTP Features
- Make sure that the «HTTP Error Redirection» option is selected.
-or-
- Navigate to the following node: Internet Information Services —> World Wide Web Services —> Performance Features
- Make sure that the «Static Content Compression» option is selected. After either option has been selected, click «OK» to save changes.
Re-enabling either the HTTP Error Redirection module or the Static Content Compression module ensures that ASP.NET and IIS correctly synchronize HTTP pipeline events. This enables the URL routing module to process extensionsless URLs.
answered Mar 28, 2011 at 12:49
Donny V.Donny V.
21.8k13 gold badges64 silver badges79 bronze badges
In my case following approach helped me out:
-
aspnet_regiis -i
inWindowsMicrosoft.NetFramework
-
Adding modules to system.webServer
<system.webServer> <modules runAllManagedModulesForAllRequests="true"/> ... </system.webServer>
NathanOliver
168k28 gold badges280 silver badges387 bronze badges
answered Apr 5, 2013 at 15:30
Stefan MichevStefan Michev
4,6563 gold badges34 silver badges30 bronze badges
1
Try to apply the following settings shown below:
1) Give the necessary permission to the IIS_IUSRS
user on IIS Server
(Right click on the web site then Edit Permissions > Security).
2) If you use .NET Framework 4
, be sure that .NET Framework version is v4.0
on the Application Pool
that your web site uses.
3) Open Commanp Prompt as administrator
and run iisreset
command in order to restart IIS Server
.
answered Dec 28, 2016 at 14:21
Murat YıldızMurat Yıldız
10.9k6 gold badges62 silver badges62 bronze badges
1
Please also check, if you are running x64, that you have enabled 32-bit applications in the app pool settings
answered Jul 28, 2011 at 21:47
On the Uncheck «Precompile During Publishing» — I was getting the 403.14 error on a web service I had just written in VS2015 so I rewrote it in VS2013 and was getting the same error. In both cases I had «Precompile During Publishing» on. I unchecked it but was still getting the error. In my case I also had «Delete all existing files prior to publish» but was not deleting everything from the target directory on the server before copying the new published files there. If you don’t do that — a «PrecompiledApp.config» file is left behind which causes the problem. Once I deleted that file I was golden on both the VS2013 and VS2015 versions of my web service.
answered Aug 6, 2015 at 20:48
JTTxJTTx
572 bronze badges
I read through every answer here looking for something that worked before I realized that I’m using IIS 10 (on Windows 10 version 2004) and this question is about IIS 7 and almost a decade old.
With that said, run this from an elevated command prompt:
dism /online /enable-feature /all /featurename:IIS-ASPNET45
The /all
will automatically enable the dependent parent features: IIS-ISAPIFilter, IIS-ISAPIExtensions, and IIS-NetFxExtensibility45.
After this, you’ll notice two new (in my environment at least) application pool names mentioned .NET v4.5. ASP.NET web apps that were previously using the DefaultAppPool will just work.
answered Dec 14, 2020 at 22:14
If the top answers don’t work, look for a config named PrecompiledApp.config
in the hosting directory and delete it if it exists. This file prevents IISExpress and LocalIIS to work properly. (And I think that’s a bug) The content of the file in my case was:
<precompiledApp version="2" updatable="true"/>
And I’m 100% positive that was the problem with my case since I tried everything in 2 hours and tested lots of times with this config.
One more thing: You cannot use aspnet_regiis
in newer versions of Windows and IIS so try
dism /online /enable-feature /featurename:IIS-ASPNET45 /all
answered Jan 14, 2017 at 11:37
sotnsotn
4,2392 gold badges28 silver badges30 bronze badges
Control Panel > turn windows features on or off > Web Server > Application Development
Check ASP.NET
answered Feb 6, 2020 at 22:50
Please note sometimes wrong Managed pipeline mode
will cause this error. There are two choices to select integrated
and classic
.
answered Jan 22, 2013 at 12:44
Joe.wangJoe.wang
11.3k25 gold badges102 silver badges178 bronze badges
How to Fix “HTTP Error 403.14 – Forbidden The Web server is configured to not list the contents of this directory”
This error occurs when you have MVC 2+ running hosted on IIS 7+, this is because ASP.NET 4 was not registered in IIS. In my case I was creating a MVC 3 project and hosting it on IIS 7.5.
To fix it, make sure you have MVC 2 or above and .Net Framework 4.0 installed, then run a command prompt as administrator and type the following line:
32bit (x86)
%windir%Microsoft.NETFrameworkv4.0.30319aspnet_regiis.exe -ir
64bit (x64)
%windir%Microsoft.NETFramework64v4.0.30319aspnet_regiis.exe -ir
brimble2010
17.6k7 gold badges27 silver badges44 bronze badges
answered Jan 17, 2015 at 6:16
Vishal SenVishal Sen
1,1151 gold badge13 silver badges23 bronze badges
0
Check your Global.asax file.
In my case, it was empty.
answered Dec 7, 2016 at 13:08
oyenigunoyenigun
5676 silver badges15 bronze badges
I tried everything here; nothing worked. Problem was in my Web.config
file, somehow dependent assembly binding got changed from minimum 1
to minimum 0
.
<!-- was -->
<runtime>
<assemblyBinding>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
<!-- should have been -->
<bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
answered Apr 6, 2017 at 8:11
codeMonkeycodeMonkey
3,8622 gold badges34 silver badges49 bronze badges
NOTHING WORKED IN THE WORLD FOR ME,
I found out the problem and this might be helpful for someone,
Applicable if you are using Plesk, I just turned this thing off and everything started to work.
Yet, I do not know what is the exact issue with it.
answered Aug 25, 2020 at 9:47
Adel MouradAdel Mourad
1,28816 silver badges12 bronze badges
1
I have also encountered this same error, despite all the provided solutions for the following reasons:
- Missing DLLs
- Database connection string points to an inaccessible server.
answered Dec 11, 2011 at 3:55
eulerfxeulerfx
36.2k5 gold badges59 silver badges82 bronze badges
In my case web.config and all files except for the /bin folder were missing (not copied somehow).
Silly, but that was the last thing I have checked.
answered Sep 3, 2012 at 16:49
eitanpoeitanpo
3441 silver badge10 bronze badges
I recently had this error and found that the problem was caused by the feature «HTTP Redirection» not being enabled on my Windows Server. This blog post helped me get through troubleshooting to find the answer (despite being older Windows Server versions): http://blogs.msdn.com/b/rjacobs/archive/2010/06/30/system-web-routing-routetable-not-working-with-iis.aspx for newer servers go to Computer management, then scroll down to the Web Server role and click add role services
answered Jan 28, 2013 at 14:00
SephSeph
8,37410 gold badges61 silver badges93 bronze badges
I’m using: Win Server 2012 R2 / IIS 8.5 / MVC4 / .Net 4.5
If none of the above worked then try this:
Uncheck «Precompile during Publishing»
This kicked my butt for a few days.
answered May 7, 2015 at 17:06
D. KermottD. Kermott
1,55315 silver badges22 bronze badges
1
With ASP.NET project with C# 4.5 I’ve solved such problem by installing ASP.NET extension in Web Platform Installer
answered Jul 9, 2015 at 13:34
Also one more things can be possible
install .net framework 4.0 manually
This solution is for IIS7 on window 7
open cmd with administration previleges
go to directory «C:WindowsMicrosoft.NETFrameworkv4.0.30319»
type aspnet_regiis.exe -i
got to your inet manager by typing in run command «inetmgr»
refresh your IIS7
reload the site.
answered Jul 19, 2016 at 8:07
I know you had this problem in an internal host, but I had experienced such an issue before in an external host and in my case it had it’s own resolution, maybe it could save somebody’s time:
In fact my website was STOPPED by some reason which currently I’m not aware of, to check it out if you have the same problem, in WebsitePanel main page go to Web -> Websites then select the domain name of your website from the list, after that in the right side of the page just opened, check if you see the word STARTED, else if you see the word STOPPED, make it get started again. That’s all.
answered Jul 22, 2017 at 12:53
Muhammad MusaviMuhammad Musavi
2,3742 gold badges21 silver badges35 bronze badges
I know this is an old topic, but you can also get this error (when you are debugging) if you have a folder named the same as a route in a controller.
For instance, if you have a UserController, with a route called /User and you ALSO have a folder in your solution called «User» then IISExpress will try to browse the folder instead of showing your view.
answered May 30, 2018 at 22:55
After trying every solution suggested here, I found yet another possible solution: URLScan
The IIS had WebDAV disabled, even in the web.config of my application, WebDAV’s handler and module was removed. PUTs still returned a 403 — Forbidden without any log entries in the IIS logs. (GET / POST worked fine).
Turns out the IIS had an active ISAPI Filter (the URLScan) enabled which prevented all PUTs. After removing URLScan, it worked for me.
answered Feb 7, 2019 at 13:53
My situation was completely different than any of these and the 403:Forbidden error message was a little bit of a red herring.
If your Application_Start() function in the Global.asax module tries to access the web.config and an entry that it’s referencing isn’t there, IIS chokes and (for some reason) throws the 403:Forbidden error message.
Double-check that you aren’t missing an entry in the web.config file that’s attempting to be accessed in your Global.asax module.
answered Sep 16, 2019 at 18:03
Jason MarsellJason Marsell
1,7222 gold badges19 silver badges10 bronze badges
In case you’re like me and have an application using NHibernate and the above answers have not resolved your issue.
You should look at the connection string in your application; possibly in the webconfig file to ensure it is correct.
answered Sep 24, 2019 at 18:33
wale Awale A
811 silver badge7 bronze badges
I have been using Identity Impersonate:
<system.web>
<identity impersonate="true" userName="domainusername" password="password"/>
</system.Web>
When pushing up to the server you have to give the username access to the Temporary ASP.NET
Files folder so it can read/write/execute properly:
C:WindowsMicrosoft.NET"frameworkversion""aspversion"Temporary ASP.NET Files
Obviously replace «frameworkversion» and «aspversion» with the versions you are using.
answered May 13, 2014 at 9:40
dalemacdalemac
3551 gold badge4 silver badges15 bronze badges
Step 1: Select the Site For which the HTTP Error is produced in IIS and then click on Directory Browsing as shown in the image below:
Step 2: In the Directory Browsing Window in IIS click on Enable in Actions on the right side as shown in the diagram below:
Now Directory Browsing is enabled for your asp.net website, just restart the web application in IIS and Browse the site in your browser and see the result.
answered Jul 30, 2014 at 21:05
Содержание
- Ошибка HTTP 403.14 — запрещено при открытии веб-страницы IIS
- Симптомы
- Решение для пользователей
- Решение для администраторов сайта
- HTTP Error 403.14 — Forbidden when you open an IIS webpage
- Symptoms
- Resolution for users
- Resolution for site administrators
- Ошибка при открытии веб-страницы IIS: 403.7 Запрещено: требуется сертификат клиента
- Симптомы
- Причина
- Решение
- Проверьте, считает ли сервер, на котором запущены службы IIS, допустимым сертификат.
- Установка сертификата корневого центра сертификации вручную
- Error when you open an IIS webpage: 403.7 Forbidden: Client certificate required
- Symptoms
- Cause
- Resolution
- Check whether the server running IIS considers the certificate valid
- Install the root certification authority certificate manually
Ошибка HTTP 403.14 — запрещено при открытии веб-страницы IIS
Эта статья поможет устранить ошибку «HTTP 403.14 — запрещено: веб-сервер настроен таким образом, чтобы не формировать списка содержимого каталога», которая возникает при открытии веб-страницы службы IIS (IIS).
Первоначальная версия продукта: службы IIS версии 7.0 или более поздних версий
Оригинальный номер базы знаний: 942062
- Целевой аудиторией данной статьи являются администраторы веб-сайтов или веб-разработчики.
- Эта статья применима только к традиционным приложениям ASP.Net Form.
Симптомы
При посещении веб-сайта, размещенного в IIS 7.0 или более поздней версии, возникает сообщение об ошибке примерно такого содержания:
Ошибка сервера в приложении «имя приложения»
Ошибка HTTP 403.14: запрещено
HRESULT: 0x00000000
Описание ошибки HRESULT: веб-сервер настроен таким образом, чтобы не формировать списка содержимого каталога.
Решение для пользователей
Если вы являетесь пользователем, вам следует связаться с администраторами веб-сайта и уведомить их о возникновении этой ошибки при переходе по данному веб-адресу.
Решение для администраторов сайта
Эта проблема возникает из-за того, что на веб-сайте не включена функция просмотра каталогов. Кроме того, документ по умолчанию не настроен. Для решения этой проблемы воспользуйтесь одним из описанных ниже способов.
Метод 1. Включение функции просмотра каталогов в IIS (рекомендуется)
Чтобы устранить эту неполадку, выполните следующие действия:
- Запустите диспетчер IIS. Для этого нажмите кнопку Пуск, выберите пункт Выполнить, введите команду inetmgr.exe и нажмите кнопку ОК.
- В диспетчере IIS последовательно разверните пункты Имя сервера, Веб-сайты, затем выберите веб-сайт, который необходимо изменить.
- В представлении Функции дважды щелкните пункт Просмотр каталогов.
- На панели Действия выберите команду Включить.
Метод 2. Добавление документа по умолчанию
Чтобы устранить эту неполадку, выполните следующие действия:
- Запустите диспетчер IIS. Для этого нажмите кнопку Пуск, выберите пункт Выполнить, введите команду inetmgr.exe и нажмите кнопку ОК.
- В диспетчере IIS последовательно разверните пункты Имя сервера, Веб-сайты, затем выберите веб-сайт, который необходимо изменить.
- В представлении Функции дважды щелкните пункт Документ по умолчанию.
- На панели Действия выберите команду Включить.
- В поле Имя файла введите имя документа по умолчанию и нажмите кнопку ОК.
Метод 3. Включение функции просмотра каталогов в IIS Express
Этот метод предназначен для веб-разработчиков, у которых возникает данная проблема при использовании IIS Express.
Откройте окно командной строки и перейдите в папку IIS Express на компьютере. Например, введите следующую команду в командной строке и нажмите клавишу ВВОД.
Введите следующую команду и нажмите клавишу ВВОД:
Источник
HTTP Error 403.14 — Forbidden when you open an IIS webpage
This article helps you resolve the «HTTP Error 403.14 — Forbidden — The web server is configured to not list the contents of this directory» error that occurs when you open an Internet Information Services (IIS) webpage.
Original product version: В Internet Information Services 7.0 and later versions
Original KB number: В 942062
- The target audience for this article is website administrators and web developers.
- This article only applies to traditional ASP.Net Form applications.
Symptoms
When you visit a website hosted on IIS 7.0 or a later version, you receive an error message that resembles the following:
Server Error in Application «application name»
HTTP Error 403.14 — Forbidden
HRESULT: 0x00000000
Description of HRESULT : The Web server is configured to not list the contents of this directory.
Resolution for users
If you’re a user, you should contact the website administrators to notify them that this error has occurred for this web address.
Resolution for site administrators
This problem occurs because the website doesn’t have the Directory Browsing feature enabled. Also, the default document isn’t configured. To resolve this problem, use one of the following methods:
Method 1: Enable the Directory Browsing feature in IIS (recommended)
To resolve this problem, follow these steps:
- Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
- In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
- In the Features view, double-click Directory Browsing.
- In the Actions pane, select Enable.
Method 2: Add a default document
To resolve this problem, follow these steps:
- Start IIS Manager. To do it, select Start, select Run, type inetmgr.exe, and then select OK.
- In IIS Manager, expand server name, expand Web sites, and then select the website that you want to change.
- In the Features view, double-click Default Document.
- In the Actions pane, select Enable.
- In the File Name box, type the name of the default document, and then select OK.
Method 3: Enable the Directory Browsing feature in IIS Express
This method is for the web developers who experience this issue when they use IIS Express.
Open a Command Prompt window, and navigate to the IIS Express folder on your computer. For example, type the following command at the command prompt, and then press Enter:
Type the following command, and then press Enter:
Источник
Ошибка при открытии веб-страницы IIS: 403.7 Запрещено: требуется сертификат клиента
Эта статья поможет устранить проблему, из-за которой при открытии веб-страницы служб IIS может возникнуть непредвиденная ошибка среды выполнения.
Оригинальная версия продукта: службы IIS
Исходный номер базы знаний: 186812
Целевая аудитория для этой статьи — администраторы веб-сайтов или веб-разработчики. Если вы конечный пользователь, который обнаружил эту ошибку, рекомендуется попросить администратора сайта получить инструкции по получении правильного сертификата клиента.
Симптомы
У вас есть веб-сайт, размещенный в службах IIS. При входе на веб-сайт в веб-браузере может появиться сообщение об ошибке, похожее на следующее:
Ошибка HTTP 403
403.7 Запрещено: требуется сертификат клиента
Причина
Эта ошибка возникает, когда веб-сайт запрашивает сертификат клиента, а затем клиент либо не предоставляет его, либо сертификат, предоставленный клиентским браузером, отклоняется. Сертификаты клиента — это тип SSL-сертификата, который обычно используется для идентификации пользователя или компьютера на веб-сайте.
Ниже приведено несколько возможных причин этой проблемы.
- Корневой сертификат (сертификат центра сертификации) сертификата клиента не устанавливается на компьютере, на котором запущены службы IIS.
- Срок действия сертификата клиента истек или срок действия не достигнут.
- Сертификат клиента был отозван.
- Допустимый сертификат клиента недоступен или потенциально допустимый сертификат клиента не имеет связанного закрытого ключа.
Решение
В зависимости от причины проблемы попробуйте выполнить одно из следующих действий:
- Если у вас нет сертификата клиента для сайта и он вам нужен, обратитесь за инструкциями к администратору сайта.
- Проверьте дату и время окончания срока действия сертификата. Если срок действия сертификата истек, обратитесь за инструкциями к администратору сайта.
Проверка подлинности на основе сертификата клиента может быть включена там, где это не требуется. Если вы хотите только требовать передачи данных по протоколу TLS/SSL, вам потребуется только сертификат сервера. Вы можете отключить проверку подлинности сертификата клиента с помощью разрешения ошибки HTTP 403.7 — Запрещено при запуске веб-приложения, размещенного на сервере, на котором запущена служба IIS 7.0.
Проверьте, считает ли сервер, на котором запущены службы IIS, допустимым сертификат.
- Экспортируйте сертификат в . CER-файл.
- Скопируйте . CER-файл на сервер, на котором запущены службы IIS.
- Откройте .. CER-файл на сервере, на котором запущены службы IIS.
- Перейдите на вкладку «Путь сертификации «. Если все сертификаты в цепочке отображаются без красного крестика, то цепочка сертификатов является доверенной компьютером. Если корневой центр сертификации имеет красный крест, перейдите к следующему набору действий.
Установка сертификата корневого центра сертификации вручную
Чтобы устранить эту проблему, установите сертификат корневого центра сертификации вручную. Выполните следующие действия.
- Нажмите кнопку «Пуск», выберите «Выполнить», введите mmc и нажмите кнопку «ОК».
- В меню «Файл » выберите » Добавить или удалить оснастку».
- В диалоговом окне «Добавление или удаление оснастки » выберите «Сертификаты» в разделе «Доступные оснастки«, а затем нажмите кнопку «Добавить».
- В оснастке «Сертификаты» выберите » Учетная запись компьютера», дважды нажмите кнопку « Готово» и нажмите кнопку » ОК».
- В разделе «Корень консоли» разверните раздел «Сертификаты (локальный компьютер)».
- Разверните доверенные корневые центры сертификации, а затем щелкните правой кнопкой мыши сертификаты.
- Выберите «Все задачи«, а затем выберите » Импорт. «.
- Нажмите кнопку «Далее», а затем перейдите к расположению, где хранится файл сертификата корневого ЦС.
- После выбора сертификата дважды нажмите кнопку « Далее» и нажмите кнопку «Готово».
Промежуточные сертификаты ЦС должны быть установлены в хранилище промежуточных центров сертификации, а не в хранилище доверенных корневых сертификатов. Любой сертификат центра сертификации, Issued by Issued to значения которого не совпадают (и, следовательно, сертификат не находится в верхней части иерархии), называется промежуточным ЦС.
Источник
Error when you open an IIS webpage: 403.7 Forbidden: Client certificate required
This article helps you resolve the problem where an unexpected runtime error may be thrown when you open an Internet Information Services (IIS) webpage.
Original product version: В Internet Information Services
Original KB number: В 186812
The target audience for this article is website administrators or web developers. If you are an end-user who has encountered this error, we recommend that you ask the site administrator for instructions on how to obtain the correct client certificate.
Symptoms
You have a website that is hosted on IIS. When you go to the website in a web browser, you may receive an error message that resembles the following one:
HTTP Error 403
403.7 Forbidden: Client certificate required
Cause
This error occurs when the website requests a client certificate, and then the client either doesn’t provide one or the certificate supplied by the client browser is rejected. Client certificates are a kind of Secure Sockets Layer (SSL) certificate typically used to identify a user or computer to a website.
The following are several possible causes of this problem:
- The root certificate (certification authority certificate) of the client certificate isn’t installed on the computer that is running IIS.
- The client certificate has expired, or the effective time hasn’t been reached.
- The client certificate was revoked.
- No valid client certificate is available, or a potentially valid client certificate doesn’t have an associated private key installed.
Resolution
Depending on the cause of your problem, try one of the following resolutions:
- If you don’t have a client certificate for the site, and you need one, contact the site administrator for instructions.
- Check the expiration date and time of the certificate. If your certificate has expired, contact the site administrator for instructions.
Client certificate authentication may be enabled where it is not required. If you intended only to require Transport Layer Security (TLS)/SSL communications, then you need only a server certificate. You can disable client certificate authentication by using the resolution in «HTTP Error 403.7 — Forbidden» error when you run a Web application that is hosted on a server that is running IIS 7.0.
Check whether the server running IIS considers the certificate valid
- Export the certificate to a .CER file.
- Copy the .CER file to the server that is running IIS.
- Open the .CER file on the server that is running IIS.
- Look at the Certification Path tab. If all certificates in the chain are displayed without a red cross, then the certificate chain is trusted by the computer. If the root certification authority has a red cross against it, continue to the next set of steps.
To resolve this issue, install the root certification authority certificate manually. Follow the following steps:
- Select Start, select Run, type mmc, and then select OK.
- On the File menu, select Add/Remove Snap-in.
- In the Add or Remove Snap-ins dialog box, select Certificates under Available Snap-ins, and then select Add.
- In the Certificates snap-in, select Computer account, select Finish twice, and then select OK.
- Under Console Root, expand Certificates (Local Computer).
- Expand Trusted Root Certification Authorities, and then right-click Certificates.
- Select All Tasks, and then select Import. .
- Select Next, and then navigate to the location where the Root CA certificate file is stored.
- After the certificate has been selected, select Next two times, and then select Finish.
Intermediate CA certificates should be installed in the Intermediate Certification Authorities store rather than in the Trusted Roots store. Any certification authority certificate whose Issued by and Issued to values are not the same (and therefore the certificate is not at the top of the hierarchy) is known as an Intermediate CA.
Источник