Authentication and custom errors

Discussion in 'ASP General' started by Mark Aurit, Sep 11, 2003.

  1. Mark Aurit

    Mark Aurit Guest

    I have an intranet application that uses w2k Integrated
    Windows Authentication to authenticate users. We now have
    a situation where people will be accessing it who are on
    our network but will not be logged into w2k - so now they
    are challenged and fail the challenge.
    To handle that situation I plan to use iis custom errors
    with one of the 401 codes to redirect the user to a
    generic page.
    The problem is that I cant figure out how to exactly
    simulate the problem on my local machine for development,
    as by definition Im of course logged into my own computer.
    Ive decided to put basic authentication on the folder
    where the authentication occurs, and then fail its
    challenge, use the redirect, etc. Once this works, then
    hopefully I can made some minor changes and use it with
    Integrated Windows.
    My question is whether this will be a valid simulation:
    do those 2 authentication systems work in the same manner
    with custom errors? In other words, I dont want to write
    a solution for basic auth that doesnt work (with minor
    tweaks - for example Im not sure if the same http error is
    thrown) with integrated auth.
    Thanks, Mark
     
    Mark Aurit, Sep 11, 2003
    #1
    1. Advertising

  2. Mark Aurit

    GVaught Guest

    Do not use basic authentication on your intranet. This will send any login
    information as clear text, which can be compromised by anyone who is
    authenticated. If you plan to use Basic, then consider adding SSL to the
    mix. If you want to keep Windows authentication, then use the idea below.

    You can setup the ability for those who are outside your domain access to
    the site using Windows authentication. What I did was create a global group
    on the PDC; adding those who needed access internally. Then I created a
    local group on the web server adding in the Global group and the individuals
    outside the domain into this local group; giving the necessary permissions.
    This allowed user's in DC to login and have access to WebPages that returned
    their files, which were located in Colorado.

    Since my pages were ASP, I was able to code in messages to user's who tried
    to access areas they were not authorized.

    Hope this helps.


    "Mark Aurit" <> wrote in message
    news:017101c3788c$0b8f6f90$...
    > I have an intranet application that uses w2k Integrated
    > Windows Authentication to authenticate users. We now have
    > a situation where people will be accessing it who are on
    > our network but will not be logged into w2k - so now they
    > are challenged and fail the challenge.
    > To handle that situation I plan to use iis custom errors
    > with one of the 401 codes to redirect the user to a
    > generic page.
    > The problem is that I cant figure out how to exactly
    > simulate the problem on my local machine for development,
    > as by definition Im of course logged into my own computer.
    > Ive decided to put basic authentication on the folder
    > where the authentication occurs, and then fail its
    > challenge, use the redirect, etc. Once this works, then
    > hopefully I can made some minor changes and use it with
    > Integrated Windows.
    > My question is whether this will be a valid simulation:
    > do those 2 authentication systems work in the same manner
    > with custom errors? In other words, I dont want to write
    > a solution for basic auth that doesnt work (with minor
    > tweaks - for example Im not sure if the same http error is
    > thrown) with integrated auth.
    > Thanks, Mark
     
    GVaught, Sep 11, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark Goldin

    Errors, errors, errors

    Mark Goldin, Jan 17, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    967
    Mark Goldin
    Jan 17, 2004
  2. SenthilVel
    Replies:
    0
    Views:
    949
    SenthilVel
    Jun 7, 2006
  3. George1776

    Out-of-memory errors and caching errors.

    George1776, Aug 28, 2006, in forum: ASP .Net
    Replies:
    2
    Views:
    1,299
    George1776
    Sep 14, 2006
  4. Lance Wynn
    Replies:
    1
    Views:
    1,851
    Lance Wynn
    Feb 3, 2008
  5. trinitypete

    Forms Authentication and Custom errors

    trinitypete, Dec 15, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    144
    trinitypete
    Dec 17, 2004
Loading...

Share This Page