MVC "Access is Denied" using IIS

Question

Having serious trouble getting beyond "Access is Denied" message:

Error message 401.2: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

How I got here

Running under Windows 7, Professional. System using AD for login to system (name: SYSTEM\login). Created a new MVC 3 application in VS2010 called XYZ. Made no changes to code. Set referenced files for System.Web.mvc and System.Web.Helpers to Copy to Local = true.

What I attempted

1. Published XYZ to file system location "C:/websites/XYZ".
2. Added "abc.xyz.com" to hosts file with IPA 127.0.0.1.
3. Created new Site in IIS Manager called "XYZ" and set the physical path to the path where the app is published (C:/websites/XYZ).
4. Bound XYZ to abc.xyz.com:80.
5. Ensured Application Pool for site runs .NET 4.0, Integrated.
6. Application Pool Identity set to ApplicationPoolIdentity.
7. At physical location of published files, right-clicked folder and went to Properties->Security and added IUSR to list of users, giving it Full Control.
8. MVC project has authentication mode set to "None".
9. Authentication for site has Anonymous Access enabled and all else disabled.
10. I have also enabled Directory Browsing for the site.

After all this, I reset the web site, refresh the browser, and reset IIS. I still get this message when I go to abc.xyz.com. I have absolutely no idea what I should check next.

What I need

Can anyone help me with this? I have performed several Google searches with combinations of "mvc localhost access denied" and so forth, and I implemented the suggestions I found.

Answer 1

Fixed

Ok. Found the answer...at least to this application. I changed the Authentication from Windows to Anonymous. Then, I removed the .NET Authorization rule which denied Anonymous access. These two things enabled access to the application without the annoying IIS login popup that accompanies Windows authorization.

One thing that I failed to notice before was that the changes I made to the web site were reflected in the web.config file at the published location, and not the source.

Unfortunately, every time I published I reset the authentication. This was probably the real reason that I had so much trouble. Lesson learned. Chagrined, I am.

One other thing that I failed to clear up was that I am using IIS 7.5.