Is there a way within
web.config or IIS 7 settings that will stop the login prompts and just force the user to the 401 error upon being denied due to URL Authorization rule?
Right now, it successfully restricts access to the page, but doesn't display the "401 - Unauthorized: Access is denied due to invalid credentials" error until after you click cancel on the login prompt.
Using Windows 2008 R2, IIS 7.5, Windows Authentication, Impersonation, and URL Authorization.
Below is a sample of how my
web.config file looks like...
="1.0"="UTF-8"
<configuration>
<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="iis7test\BobAndFriends" />
</authorization>
</security>
</system.webServer>
<location path="bobsSecret.aspx">
<system.webServer>
<security>
<authorization>
<remove users="" roles="iis7test\BobAndFriends" verbs="" />
<add accessType="Allow" users="iis7test\Bob" />
</authorization>
</security>
</system.webServer>
</location>
</configuration>