Just deployed your shiny new ASP.NET 4.5 MVC4 application to a pristine Server 2008 R2 box with IIS 8.5? Getting that frustrating 403.14 "Directory listing denied" error? Let's break down why this happens and how to properly configure IIS for MVC routing.
First, verify these critical items:
// Verify framework installation
Get-ChildItem 'HKLM:\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full' |
Get-ItemPropertyValue -Name Release |
ForEach-Object { $_ -ge 378389 } // 4.5 minimum release number// Check IIS handler mappings
%windir%\\system32\\inetsrv\\appcmd list config -section:system.webServer/handlersThe 403.14 indicates IIS doesn't know how to handle MVC routes. For .NET 4.5 MVC4, you need these web.config entries:
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>Even after registration, these often get missed:
- The app pool must use Integrated mode, not Classic
- Verify the physical path permissions (IIS_IUSRS needs read access)
- Check for missing dependencies in your bin folder
Enable tracing to see exactly where the request fails:
// PowerShell to enable tracing
Add-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST'
-Filter "system.applicationHost/sites/site[@name='Default Web Site']/traceFailedRequestsLogging"
-Name "enabled" -Value "True"If you're still stuck, try this nuclear option:
// Reset all IIS components
%windir%\\system32\\inetsrv\\appcmd reset config "Default Web Site/"
iisreset /noforceRemember that .NET 4.5 is an in-place upgrade over 4.0, so some legacy configuration might interfere. Always test with a simple "Hello World" MVC view first before deploying complex applications.
When setting up a fresh Server 2008 R2 with IIS 7.5, you might encounter the frustrating 403.14 Forbidden error even after following standard installation procedures. This typically indicates that IIS is unable to locate or process the default document in your MVC4 application.
First, verify these essential configurations:
// Web.config system.webServer section
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0"
path="*."
verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS"
type="System.Web.Handlers.TransferRequestHandler"
preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
Three often-overlooked dependencies in this scenario:
- ASP.NET MVC4 installation (separate from .NET Framework)
- URL Rewrite Module for IIS
- Correct handler mappings
Here's what worked consistently in my deployments:
- Install MVC4 runtime:
aspnetmvc4_setup.exe - Enable the required Windows Features:
ServerManagerCmd -install Web-Asp-Net45
ServerManagerCmd -install Web-Net-Ext45
Create a test controller to verify routing:
public class TestController : Controller
{
public ActionResult Ping()
{
return Content("Service operational", "text/plain");
}
}
Navigate to /Test/Ping to confirm routing works before troubleshooting views.
For more complex scenarios, consider adding this handler:
<add name="httpPlatformHandler"
path="*"
verb="*"
modules="httpPlatformHandler"
resourceType="Unspecified" />
- Application Pool using .NET 4.0 Integrated Pipeline
- Anonymous Authentication enabled
- Read/Execute permissions on the folder
- Static content role service installed