locked
Handle windows authentication login popups Cancel click RRS feed

  • Question

  • User1590423150 posted

     

    Hi!

    I have simple web application called App that is secured with Windows Authentication. I have set identity impersonate to true in web.config. There is only one page (Default.aspx) in App directory. When user enters the site ex.: http://localhost/App the login window pops up. When user clicks Cancel, IIS redirects to page with an error 401.2. I want to redirect to http://localhost/App/app_start/login.aspx. App_start is an aplication that is secured with Forms Authentication. I tried to handle programmatically the redirection by adding Application_EndRequest method in Global.asax file. But when user clicks Cancel the Application_EndRequest is not being fired. When user successfully logs in the method is being fired. Is there any way to handle error 401.2 programmatically or maybe in a different way?

    Application_EndRequest code:

    if (Response.StatusCode == 401)

    {

         Response.Clear();

         Response.Write("You don't have access to content.");
    }

    The web.config file of App application:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <authentication mode="Windows" />
        <identity impersonate="true" />
        <machineKey decryptionKey="hidden from forum" validationKey="hidden from forum" />
      </system.web>
    </configuration>

    Thanks for help.

    Sincerely,

    Peter.
    Wednesday, November 3, 2010 5:12 AM

Answers

  • User-322036075 posted

    Yes,

    This is a custom module using HTTP.

    http://flimflan.com/blog/HttpModuleToAllowACustomErrorPageFor4012AccessDeniedInASPNET.aspx

    Remember, authentication is handled before ASP.NET even starts to render a or run code on a page. If the user is prompted for authentication and access is denied, this is at the IIS level.

    So you can either create a custom HTTP handle as Josh did above and run all requests through it

    OR

    create a custom IIS error page for 401.2.

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Tuesday, November 9, 2010 8:38 AM

All replies