I have an ADO.NET data service (we will call it service.svc). When I post it to IIS 6 with Windows Integrated Authentication enabled, all requests (GET, POST, PUT and DELETE) work fine for me because I am the administrator on this box. However, when a non-administrator user enters the service, only GET and POST requests work. When they try a PUT or DELETE request, they get an HTTP 401.3 "Access Denied" error:
"Error 401.3: You do not have permission to view this directory or page using the credentials you provided (access is denied due to access control lists). Ask the web server administrator to give you access to the service" ... ".svc "".
If I give the local group "Authenticated Users" to write to the .svc file, everything works as it should, but I really do not want to do this (and I donβt think I need to do this to make it work). In fact, I'm confused why changing file permissions will affect this at all, but it definitely seems to be a problem.
I found several different suggestions to fix somewhat similar problems on Microsoft forums ( Here , and I would post more links, but I was told that new users can send only one link in a message), but none of the solutions help.
Any help is greatly appreciated. I'm certainly not an IIS expert, and that puzzled me.
source share