I tried messing with the “.NET Authorization Rules” section of IIS for a particular application (virtual directory). I tried to add a row for Deny All Users plus an additional record to Allow my individual user.

It seemed to be working for a moment, but then things went haywire. I reverted the changes back to how it was originally configured but now it prompts me for a username and password every time, and will not allow me to access the site.

I get:

401 – Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.

Strangely, this also seems to have happened to the other virtual directory / application that is in the Default web site.

I have checked the web.config file and it seems completely fine. The only remaining rule is the default inherited rule (Allow All Users). I have Windows Integrated Authentication in place, but that was not causing an issue before all of this started.

I even tried deleting and re-creating the application (VD) from scratch, same issue.

Somehow it seems it is locking out all users now for all applications within the web site.

The next step is to format the entire web server and start new, which I am hoping to avoid.