I was receiving 401 unauthorized access errors on my /account/login page
The controller contains a [authorize] attribute while all the actions have [allowanonymous]. I have forms and anon authentication enable in IIS. The physical path credentials for the website are set to application user while the application pool’s identity is set to the built-in account ApplicationPoolIdentity. AnonAuth is set to use the ApplicationPoolIdenity and IUSRS has permission to the directory.
If I have error pages set to detailed for both local and remote everything works. If i set it to custom for both or custom for only remote I get a 401 - Unauthorized: Access is denied due to invalid credentials. but only on the login page. Any page without the [authorize] attribute, like the index, works fine.
any ideas?
