W
Wayne Carlaw
I'm trying to implement Peter Bromberg's Digest authentication .dll
(http://www.eggheadcafe.com/articles/20030701.asp); and have it working
quite well. One thing I've noticed though that I can't figure out. If a
user cancels the request, they receive a .NET 401 application error page -
not the Response.Write "Access Denied". I've tried every way I can think of
to customize that page - customErrors in web.config, capturing the
HttpApplication.Error event, configuring the IIS default error page, etc,
but nothing seems to work. Any ideas on how I can get rid of this ugly
default error page? Interesting to note, it only occurs the first time.
Once the user clicks the OK button (to attempt authentication and gets
rejected) and then clicks the "Cancel" button, the customized error page
appears.
My feeling is that when the Digest authentication prompt appears, nothing is
fired through the web application yet. It thinks you're not allowed in yet.
When you click the "OK" button from the authentication prompt, it
instantiates the OnAuthenticateRequest method. If you click Cancel on a
second attempt, I think it disposes of the AuthenticationRequest object and
behaves properly. But if you click Cancel the first time,
OnAuthenticateRequest has yet to be called, so it just spits out an error.
If anyone knows how to get around this problem I'd really appreciate the
help.
Thanks.
(http://www.eggheadcafe.com/articles/20030701.asp); and have it working
quite well. One thing I've noticed though that I can't figure out. If a
user cancels the request, they receive a .NET 401 application error page -
not the Response.Write "Access Denied". I've tried every way I can think of
to customize that page - customErrors in web.config, capturing the
HttpApplication.Error event, configuring the IIS default error page, etc,
but nothing seems to work. Any ideas on how I can get rid of this ugly
default error page? Interesting to note, it only occurs the first time.
Once the user clicks the OK button (to attempt authentication and gets
rejected) and then clicks the "Cancel" button, the customized error page
appears.
My feeling is that when the Digest authentication prompt appears, nothing is
fired through the web application yet. It thinks you're not allowed in yet.
When you click the "OK" button from the authentication prompt, it
instantiates the OnAuthenticateRequest method. If you click Cancel on a
second attempt, I think it disposes of the AuthenticationRequest object and
behaves properly. But if you click Cancel the first time,
OnAuthenticateRequest has yet to be called, so it just spits out an error.
If anyone knows how to get around this problem I'd really appreciate the
help.
Thanks.