403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

403.16 – Client certificate is untrusted or invalid.

At a very high level under IIS server if you receive 403 error code means the content is forbidden but if you deeply check the server logs from IIS you will get an error code like 403.1 or 403.16 or 403.20. For a complete list please follow the under given link which will give you more idea about the error code and description. IIS Error Codes

I faced under given error which took my one month to figure out the solution.

403.16 – Client certificate is untrusted or invalid.

I would like to elaborate my environment a little bit so that it becomes more clear why i was getting this error. I configured a web application on IIS8.5 which requires a client SSL certificate for authentication. Client certificate and server certificate were completely perfect and everything seems normal. Both certificates were from the same CA and trust each other without any problem. None of them were even near to expiry date. Still application was giving this error code: 403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

403.16 - Client certificate is untrusted
403.16 – Client certificate is untrusted or invalid.

I Google every bit to find a solution which could solve my problem but still found nothing. Many users shared about windows updates which were released to cure the SCHANNEL vulnerabilities but created these kinds of problems. After removing and restarting my production server still the issue remained there. Under given are the URLs to those security bulletins.

https://technet.microsoft.com/en-us/library/security/ms14-066.aspx?f=255&MSPPError=-2147217396

https://technet.microsoft.com/en-us/library/security/ms15-031.aspx?f=255&MSPPError=-2147217396

As the error suggests that there is some problem with the client certificate. Actually there is no problem with the client certificate. The problem is with the server which is hosting the IIS website and have the server side certificate. The server is not able to check the revocation of the certificate from the Trusted Root Authority. The solution of this problem is given as under:

Resolution

Open the registry editor (Be-careful!!!!!!!)

Navigate to under given path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create a new D-Word entry name “ClientAuthTrustMode”

Put 2 in the data field (2 mean revocation will not be checked)

This solved my problem and saved my lot of time from moving my production environment to some other server.

Share your views if this post solved your problem or helped you in any way.

14 thoughts on “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

  1. Hello,
    I run into the same problem time and time again, although whilst is nice to bypass the SSL security in some set circumstances, e.g. lab testing or pre development in non-production servers, it is a good way and regedit should be used to open up the registry edit, I run it from the command prompt under run as “administrator”. It is normally asking you for a security certificate that is from Geotrust or Comodo, they can be also purchased through the following web site http://www.brimains.com – So far, it is good to assign the relevant directories to read write everyone (for the username) and everyone you can set to read/list, be careful when setting ‘everyone’ permissions to read/write although it is good to set this like on public directories accessible by anyone.

    Reply
  2. You are awesome… I already wasted 3-4 hours and luckily saw your link…and your solution fixed the issue. Thanks a lot man…

    Reply
  3. Dude you are awesome, I’ve been having this problem on a specific website for two weeks and this solved it. Thanks a million!!

    Reply
  4. 2016-09-27 03:57:11 W3SVC1 127.0.0.1 GET / – 80 – 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0C;+.NET4.0E) 403 4 5

    how to fix this error

    Reply
    • You need to give write permission to IIS user on the directory where the files are stored. Make sure IIS_IUSRS user have write permission on that directory. If you are still getting this error go windows directory of the server and provide write permission to IIS_ISURS on TEMP directory. I hope this will solve your problem.

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.