Getting a HTTP 401 on an external WSDL that is on a network share

By vincent
May 26, 2015

At my current client we have a few exported BizTalk WCF services that are stored on a network share (on a different server then the IIS server). These WCF services have an externalMetadataLocation specified and Anonymous  Authentication is enabled. The external WSDL is in the same folder as the .svc file.

When browsing these services, the .svc files are loaded without a problem. However, when you click on the link to the WSDL, you will receive a 401 error ‘you do not have permission to view this directory or page using the credentials that you supplied’.

It turns out that, by default, IIS is using the local IUSR to browse the WSDL when Anonymous Authentication is enabled. For some reason, the svc file will load fine, but the WSDL will give the 403 (the local IUSR account is not known on the network share).

You can solve this via the IIS Manager.

  1. Go to the features screen of the application
  2. Open the Authentication settings
  3. (right)Click Anonymous Authentication and choose ‘edit…’
  4. Select the ‘Application pool identity’ option and save the settings
  5. Restart IIS and you should be able to browse the external WSDL.


Comments: 0

Leave a Reply

Your email address will not be published. Required fields are marked *