 |
|
|
i am trying to use with this solution, but i have a problem with that.
when i access to the site from the computer that the site exist, its working good, but when i access from another computer, i got the regular message about the 401 error, and the AccessDenied page is not shown.
my project is matches to your sample (Custom401) and i changed the iis definitions as needed.
How can i resolve this problem? Did i miss any definition in the iis?
thanks !
|
|
|
|
|
|
|
While this response is horrendously UN-timely, but included for others....
I just encountered the same issue with IIS 7.5 on Win 2008 R2... Everything worked great in development and locally (read: http://localhost) on the deployment server. However when hitting the site remotely, the system would return the IIS 401 Unauthorized error message...
Here's what I discovered (purely by dumb luck)...
From: IIS.Net - HTTP Errors Configuration, I was reading the attribute definitions and came across the errorMode attribute with the possible settings of DetailedLocalOnly, Custom and Detailed (Default value being: DetailedLocalOnly). To me this sounded suspiciously like CustomErrors of (RemoteOnly, On, and Off respectively)... I updated my web.config by adding inside the system.webServer node the following:
<httpErrors errorMode="Detailed">
</httpErrors>
Note that i am NOT changing the handlers, just the default errorMode. By changing the value to 'Detailed', my overridden error message was displayed -- SUCCESS!
Therefore it appears that we are able to override the detailed error message by the approach above, but a custom error handler trumps this...
Also Note, that I did try the approach by umbyersw, but I seemed to get the custom message always and was not challenged for my credentials (might be an issue with my authorization block)...
|
|
|
|
|
|
|
Hi
I have a query regarding redirection to Login page, which I am not being able to trace out.
When I click on any of the tab in my application (which internally loads a new aspx page) sometimes it
is redirected to Login.aspx, which is unexpected. Couldnot debug why this is happening even by javascript alerts and C# debugging statements.
Below is the view source piece from Login.aspx, just for clue
<form name="Form1" method="post" action="login.aspx?ReturnUrl=%2fValuations%2fToDoList.aspx" id="Form1">
Valuations is the dll of application and ToDoList.aspx is the tab page I clicked which should load, but suddenly Login.aspx page is displayed. I traced the complete solution project.
Can you please help me...?
- Ajay K
|
|
|
|
|
|
|
To accomplish this in IIS7 for Application Pools & Processes running in Integrated mode, you can use the configuration settings of the system.webServer element in your web.config to solve this problem.
Forget about ASP.NET <customErrors />, custom code for AuthenticateRequest, custom code for EndRequest, or even splicing in your own JavaScript code. What I mean is, if you have the configuration below, you don't need any of the code or configuration suggested in the article.
Instead, edit the web.config of your application like this:
<configuration>
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="401" />
<error statusCode="401" path="/RootRelativePath/PublicArea/AccessDenied.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
</configuration>
|
|
|
|
|
|
|
This is not working after when we restart Server. It,s asking for username/pwd every time in IE, which should not be because IE authenticate itself against AD.
Please suggest.
|
|
|
|
|
|
|
protected void Application_EndRequest(Object sender, EventArgs e)
{
HttpContext context = HttpContext.Current;
if (context.Response.Status.Substring(0,3).Equals("401"))
{
context.Response.ClearContent();
Application_Error(new Exception("Access Denied"), EventArgs.Empty);
}
}
-------------------------------------
protected void Application_Error(object sender, EventArgs e)
{
Exception ex;
if (sender.GetType().Equals(typeof(System.Exception)))
{
ex = (Exception)sender;
}
else
{
ex = Server.GetLastError().GetBaseException();
}
........................
|
|
|
|
|
|
|
Hello,
I am working on a mixed forms/ntlm authentication solution. So far I have the following working:
- main application uses asp.net forms authentication
- one page uses NTLM authentication
- on failure a custom html error page for 401 (ntlm auth failure) or 403 (ip range not allowed) redirects to the forms login page
The annoying thing about this is that there are a whole bunch of 401 and 403 error page settings that must be configured by the person installing the IIS app, and can thus be misconfigured. I would like to do that in code and there your article seemed to be the solution. But alas, no luck if anonymous access is disabled in IIS...
Any workaround? I can think of a two-application system: main app using forms authentication and separate app for the Windows login page using windows authentication. But again, that makes the configuration more complex than I prefer  What would be great is if you could force one page to use windows authentication only from code.
|
|
|
|
|
|
|
Whats the soln you got ?? Im doing the same .. I got a website which should allow Domain Intranet users to Auto logon and Internet users to be rpesented with login page.
I got the first part but for Internet users the 401 challenge just gives me "Error:Access Denied". How do i redirect?
I need to send them to login page.
|
|
|
|
|
|
|
Actually, the NTLM authenticated page lives in an IFRAME on my standard forms logon page, it is aspx without any user interface. When it fails, it will redirect to the custom 401/403 error page that I set for that page only in the IIS configuration of the site.
The error page is a plain html page (asp cannot be used in error pages) with a small piece of javascript that shows the login panel in the parent page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Single Logon failed</title>
</head>
<body>
<script type="text/javascript" language="javascript">
try {
parent.ShowLoginPanel();
}
catch(e) { }
</script>
</body>
</html>
Initially, the host page shows a div with the text "Logging in..." and an ajax style animated wait icon. When the page inside the iframe redirects to the custom 401 page, the "Logging in ..." div is hidden and the div containing the forms logon is shown. After that, the user can use the forms logon as fallback. We use a custom MembershipProvider that authenticates the user against our database.
|
|
|
|
|
|
|
Hi
I use Windows authentication mode because I would like the specific group in active directory in my company can access my website. However, it doesn't blocked the non admin group. Deos anyone can tell me how to make it work.
The follwoing is my code in webconfig.
Thanks.
|
|
|
|
|
|
|
There is no code visible in your post.
|
|
|
|
|
|
|
Hi, there is my code.
Thanks.
|
|
|
|
|
|
|
Sorry, the paste doesn't work. Hope this time the code will be shown
Thanks.
|
|
|
|
|
|
|
Hope this time will work. There is my code
<system.web>
<authentication mode="Windows"/>
<rolemanager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
<authorization>
<allow roles="mydomain\MAdmin"/>
<deny user="?"/>
</authorization>
</system.web>
Thanks.
|
|
|
|
|
|
|
<deny user="?"/>
means deny all not authenticated users. I guess the users outside a role are authenticated. Tha's why they are authorized. Try removing this line or use
<deny user="*"/> instead.
|
|
|
|
|
|
|
Ha ha, the same Problem.
<deny user="?"/>
means deny all not authenticated users. I guess the users outside a role are authenticated. Tha's why they are authorized. Try removing this line or use
<deny user="*"/>
instead.
|
|
|
|
|
|
|
if you need to process an aspx page, not only see html message, you can also use Server.Transfer like this:
protected void Application_EndRequest(Object sender, EventArgs e) {
ProceedCustomErrorWithStatus401();
}
protected void ProceedCustomErrorWithStatus401() {
HttpContext context = HttpContext.Current;
if (context.Response.Status.Substring(0, 3).Equals("401")) {
AppSettingsReader reader = new AppSettingsReader();
string errorPage = (string)reader.GetValue("CustomErrorWithStatus401", typeof(string));
System.IO.FileInfo fi = new System.IO.FileInfo(Server.MapPath(errorPage));
if (errorPage != null && errorPage != string.Empty && fi.Exists) {
context.Response.ClearContent();
Server.Transfer(errorPage);
}
}
}
-ernest
|
|
|
|
|
|
|
Hello,
I'm trying to use the mix form windows authentication solution. I would like to avoid the explorer authentication popup when a user come on the windows authentication page and immediatly redirect him to my form authentication page. Is that possible ? how ?
Tanks
|
|
|
|
|
|
|
I think no, while because of security resons IE will not send the authentication information until it becomes 401 from server.
1. IE sends a request on URL without any authentication info.
2. It becomes 401 "Access denied"
3a. If IE has an apropriate authentication tocken it will be sent automatcally.
3b. If IE has not an apropriate authentication tocken it will show the login popup.
i) After three failed retries 401 page will be shown.
Because of security reasons the server can not ask browser "give me your tocken if you have, if not i'll let you in anyway".
|
|
|
|
|
|
|
Help please!!! I setup this app, and it works fine on the computers that are on the same domain. However, if I use a computer that's not in the same domain then the login window still show up but not redirecting to the custom 401 page (login.aspx). Is there anyway to resolve this problem? Please also show me how to setup permission on the application such as windows authentication on which application/folder. Thanks!!!
|
|
|
|
|
|
|
This is a good work around. I had been working on this without any results...
Thanks / Regards
Prapro
Prapro
|
|
|
|
|
|
|
Instead of relying on JavaScript code for redirecting to a 401 custom error page we can do it on the server. Here is my VB.NET version of Application_EndRequest() in Global.asax.vb.
Sub Application_EndRequest(ByVal sender As Object, ByVal e As EventArgs)
If Response.StatusCode = 401 Then
Response.ClearContent()
Response.WriteFile(Request.ApplicationPath & "/error/401.htm")
End If
End Sub
Also, the IIS 401.X custom errors can be mapped to the same 401.htm file for a consistency sake.
|
|
|
|
|
|
|
Thank you for your comment. It will work great with HTML pages. But what to do with Active pages I mean not HTML files, but ASPX? (It can be necessary to have an ASPX Access Denied page) I think in this case Response.WriteFile(Request.ApplicationPath & "/error/401.htm") will not work or will write to response whole content of an ASPX file.
To avoid javaScript best solution can be to use Server.Transfer after Response.ClearContent.
|
|
|
|
|
|
|
But you can use the Custom Errors tab from the virtual directory's property to edit the IIS default error messages. In this case, edit the 401-1.htm or/and the 401-3.htm file.
eleung
|
|
|
|
|
|
|
You are right. Thre are in fact two stages of Authentication. If you switch off Anonimous access in IIS you will be rejected at IIS stage and have no chanse to see any ASPX page in this Web Application. If you let IIS accept Anonymous you can still allow or deny unauthenticated access in parts of your application by creating individual Web.config-s for dithered directories ( entry).
Your solution assumes prohibiting access on IIS level (401-1.htm will work only in this case, otherwise comes ASP.NET 401 page. These are two different things). And it means that you can not create Web Applications with mixed access.
Your solution is good when thwo separate Web Applications can be created. One with Annonymous access anothor without. In this case users rejected in one Web Application will land in another one.
My solution is designed to allow fallback from protected area into public one within one ASP.NET Web Application without receiving 401-1 screen. 
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin