Authentication and custom errors

M

Mark Aurit

I have an intranet application that uses w2k Integrated
Windows Authentication to authenticate users. We now have
a situation where people will be accessing it who are on
our network but will not be logged into w2k - so now they
are challenged and fail the challenge.
To handle that situation I plan to use iis custom errors
with one of the 401 codes to redirect the user to a
generic page.
The problem is that I cant figure out how to exactly
simulate the problem on my local machine for development,
as by definition Im of course logged into my own computer.
Ive decided to put basic authentication on the folder
where the authentication occurs, and then fail its
challenge, use the redirect, etc. Once this works, then
hopefully I can made some minor changes and use it with
Integrated Windows.
My question is whether this will be a valid simulation:
do those 2 authentication systems work in the same manner
with custom errors? In other words, I dont want to write
a solution for basic auth that doesnt work (with minor
tweaks - for example Im not sure if the same http error is
thrown) with integrated auth.
Thanks, Mark
 
G

GVaught

Do not use basic authentication on your intranet. This will send any login
information as clear text, which can be compromised by anyone who is
authenticated. If you plan to use Basic, then consider adding SSL to the
mix. If you want to keep Windows authentication, then use the idea below.

You can setup the ability for those who are outside your domain access to
the site using Windows authentication. What I did was create a global group
on the PDC; adding those who needed access internally. Then I created a
local group on the web server adding in the Global group and the individuals
outside the domain into this local group; giving the necessary permissions.
This allowed user's in DC to login and have access to WebPages that returned
their files, which were located in Colorado.

Since my pages were ASP, I was able to code in messages to user's who tried
to access areas they were not authorized.

Hope this helps.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

httplib with NETRC authentication 4
Custom Authentication 1
website asp.net and basic authentication 1
Errors 302 and 304 3
Trap Authentication Errors in HTTP Request 1
Custom Errors Best Practices 0
Authorization Failed - 401 - Custom Errors 0
IIS 7.0 and Windows Integrated Authentication? 1

Members online

No members online now.
Total: 36 (members: 1, guests: 35)
Robots: 437

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,051
Latest member
CarleyMcCr

Latest Threads

Top