I have deployed a web site to a Win 2008 Web server with IIS7. The site works fine on a Win 2003 Standard server with IIS6. On the 2008 box, whenever I request a page (htm or aspx) from a folder named Reports, I get challenged with the Windows Authentication dialog box.
I have Anonymous Authentication and Forms Authentication enabled on the site. I applied Full Control permissions to the root of the site for both NETWORK SERVICE and IIS_IUSRS, but that hasn't make a difference.
whats is the authentication mode in your web.config, verify that is not in Windows
<authentication mode="Windows" />
also be sure to disable integrated windows authentication in iis
You could try running FileMon from SysInternals to see if it is the file system that is sending back the "access denied".
Did you install MSSQL Reporting Services on your new machine? It'll use the Reports folder for the reporting toolkit (default setting) and under MSSQL 2008 you can't enable anonymous Access out of the box.
Quote from another forum that solved this issue for me: "SQL Server Reporting Services creates a folder called Reports by default if you install it on IIS. If you install SQL 2008 then Reporting Services doesn't need to use IIS and instead will try to reserve the URL with the HTTP.Sys service.
I believe this is the cause of the conflict you are seeing. What you could try is changing the URL that Reporting Services uses via the SQL Server Reporting Services Configuration Manager."
Well speaking on the same subject here, yesterday I was deploying my application on Windows Server 2008 running IIS7 w/MSSQL 2008 on there too. In my website's tree structure I had a folder named Reports that had a subfolder in it, and then the actual pages. It looked like this "Reports/SalaryReports/SalaryReport.aspx" The interesting thing was that when I clicked on a hyperlink to go to "Reports/SalaryReports/SalaryReport.aspx" I got a username/password prompt from my server. This did not happen on the VS development server when I ran the application on the development machine. So I was like hmm? I looked at the code-behind in SalaryReport.aspx and did not find anything unusual. So then I put a Default.aspx directly in the Reports folder (thinking maybe it was something wrong with the authentication going two nodes down from the root to get to SalaryReport.aspx) but the server still requested username/password even though there was no security settings applied to this new Default.aspx. So I figured it must be that the folder is named "Reports", so I renamed it to "Reports1" and bigno! Everything worked!....I will still look further in this issue today, but it seems that either an IIS 7 HttpModule (not one of mine) is trying to "reserve" the folder that is named "Reports" for itself or something else...I'll look into the SQL Server Reporting services as the above post mentioned... Anyways, just wanted to share:)
Like a previous post already mentioned, here are the detailed steps to fix this:)
If there is a folder in the application named "Reports" and SQL Server Reporting Services are installedon the server, then Reporting Services Virtual Directory folder that is also named "Reports" will be in conflict with the application "Reports" folder. To fix this open Reporting Services Configuration Manager (Start->All Programs->MS SQL Server->Configuraton Tools) and change the Virtual Directory under the "Report Manager URL" in the menu on the left.
I'm supposing you don't have a SQL Reporting Services running on the same server:
1 - Give rights to user "IUSR" and the user that's running your application pool. 2 - Overwrite child folder permissions and ownership. 2 - Check if there's a web.config file on that folder setting different access rules.