|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Redirect when User is UnauthorizedHello,
I am using Windows Authentication and Role based authorization to secure my web application. I would like to redirect to an Unauthorized page if a user tries to access the web site and does not have the proper credentials. I first tried adding a section to the customErrors web.config for the statusCode of 401. However, this did not work as I am still receiving the default asp.net access denied page. Is there any way to display a custom page instead of the default asp.net page when authorization fails? If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and Windows Server 2003. Any thoughts or suggestions would be appreciated. Thanks! David. hi,
try this <customErrors defaultRedirect="http://hostName/applicationName/errorStatus.htm" mode="On"> </customErrors> regards serge MCAD.NET Show quoteHide quote "David" wrote: > Hello, > > I am using Windows Authentication and Role based authorization to secure my > web application. I would like to redirect to an Unauthorized page if a user > tries to access the web site and does not have the proper credentials. I > first tried adding a section to the customErrors web.config for the > statusCode of 401. However, this did not work as I am still receiving the > default asp.net access denied page. Is there any way to display a custom > page instead of the default asp.net page when authorization fails? > > If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and Windows > Server 2003. > > Any thoughts or suggestions would be appreciated. > > Thanks! > > David. > you cannot catch 401s with the <customErrrors> element - write a handler
for EndRequest in global.asax and check for a 401 status code AND that the user is authenticated (Request.IsAuthenticated) - then do the redirect manually --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Show quoteHide quote > hi, try this > > <customErrors > defaultRedirect="http://hostName/applicationName/errorStatus.htm" > mode="On"> </customErrors> > > regards > serge > MCAD.NET > "David" wrote: > >> Hello, >> >> I am using Windows Authentication and Role based authorization to >> secure my web application. I would like to redirect to an >> Unauthorized page if a user tries to access the web site and does not >> have the proper credentials. I first tried adding a section to the >> customErrors web.config for the statusCode of 401. However, this did >> not work as I am still receiving the default asp.net access denied >> page. Is there any way to display a custom page instead of the >> default asp.net page when authorization fails? >> >> If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and >> Windows Server 2003. >> >> Any thoughts or suggestions would be appreciated. >> >> Thanks! >> >> David. >> Really? why is it so ?
I have understood that you can redirect standard error page to your own ? serge Show quoteHide quote "Dominick Baier" wrote: > you cannot catch 401s with the <customErrrors> element - write a handler > for EndRequest in global.asax and check for a 401 status code AND that the > user is authenticated (Request.IsAuthenticated) - then do the redirect manually > > --- > Dominick Baier, DevelopMentor > http://www.leastprivilege.com > > > hi, try this > > > > <customErrors > > defaultRedirect="http://hostName/applicationName/errorStatus.htm" > > mode="On"> </customErrors> > > > > regards > > serge > > MCAD.NET > > "David" wrote: > > > >> Hello, > >> > >> I am using Windows Authentication and Role based authorization to > >> secure my web application. I would like to redirect to an > >> Unauthorized page if a user tries to access the web site and does not > >> have the proper credentials. I first tried adding a section to the > >> customErrors web.config for the statusCode of 401. However, this did > >> not work as I am still receiving the default asp.net access denied > >> page. Is there any way to display a custom page instead of the > >> default asp.net page when authorization fails? > >> > >> If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and > >> Windows Server 2003. > >> > >> Any thoughts or suggestions would be appreciated. > >> > >> Thanks! > >> > >> David. > >> > > > Why not by doing this ?
<configuration> <system.web> <customErrors defaultRedirect="GenericError.htm" mode="RemoteOnly"> <error statusCode="401" redirect="InternalError.htm"/> </customErrors> </system.web> </configuration> Show quoteHide quote "Dominick Baier" wrote: > you cannot catch 401s with the <customErrrors> element - write a handler > for EndRequest in global.asax and check for a 401 status code AND that the > user is authenticated (Request.IsAuthenticated) - then do the redirect manually > > --- > Dominick Baier, DevelopMentor > http://www.leastprivilege.com > > > hi, try this > > > > <customErrors > > defaultRedirect="http://hostName/applicationName/errorStatus.htm" > > mode="On"> </customErrors> > > > > regards > > serge > > MCAD.NET > > "David" wrote: > > > >> Hello, > >> > >> I am using Windows Authentication and Role based authorization to > >> secure my web application. I would like to redirect to an > >> Unauthorized page if a user tries to access the web site and does not > >> have the proper credentials. I first tried adding a section to the > >> customErrors web.config for the statusCode of 401. However, this did > >> not work as I am still receiving the default asp.net access denied > >> page. Is there any way to display a custom page instead of the > >> default asp.net page when authorization fails? > >> > >> If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and > >> Windows Server 2003. > >> > >> Any thoughts or suggestions would be appreciated. > >> > >> Thanks! > >> > >> David. > >> > > > because the 401 is used to trigger the IIS authentication handshake (e.g.
displaying the login box in IE) - thus it has to percolate up to IIS and cannot be catched in ASP.NET... --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Why not by doing this ? > > <configuration> > <system.web> > <customErrors defaultRedirect="GenericError.htm" > mode="RemoteOnly"> > <error statusCode="401" > redirect="InternalError.htm"/> > </customErrors> > </system.web> > </configuration> > "Dominick Baier" wrote: > >> you cannot catch 401s with the <customErrrors> element - write a >> handler for EndRequest in global.asax and check for a 401 status code >> AND that the user is authenticated (Request.IsAuthenticated) - then >> do the redirect manually >> >> --- >> Dominick Baier, DevelopMentor >> http://www.leastprivilege.com >>> hi, try this >>> >>> <customErrors >>> defaultRedirect="http://hostName/applicationName/errorStatus.htm" >>> mode="On"> </customErrors> >>> >>> regards >>> serge >>> MCAD.NET >>> "David" wrote: >>>> Hello, >>>> >>>> I am using Windows Authentication and Role based authorization to >>>> secure my web application. I would like to redirect to an >>>> Unauthorized page if a user tries to access the web site and does >>>> not have the proper credentials. I first tried adding a section to >>>> the customErrors web.config for the statusCode of 401. However, >>>> this did not work as I am still receiving the default asp.net >>>> access denied page. Is there any way to display a custom page >>>> instead of the default asp.net page when authorization fails? >>>> >>>> If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and >>>> Windows Server 2003. >>>> >>>> Any thoughts or suggestions would be appreciated. >>>> >>>> Thanks! >>>> >>>> David. >>>> 
Other interesting topics
how to add "Authorization: Basic" for a web service call
Winform: Call a vbscript with elevated privileges FullTrust on network drive Why am I getting errors when I want to rebuild the TreeView contro Login error when opening a deployed project Do i need to got Https:// throught the website ??? How to decrypt CAPICOM data i .NET 2.0 How do I use windowsIdentity to start a process in .net? User creation.... Forms Authentication with Active Directory, login control crashes |
|||||||||||||||||||||||
