Redirect to default page using Windows Authentication

D

Dave

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.
 
J

Jim Cheshire [MSFT]

Dave,

You would have to redirect on the 401 response. As long as the connection
with IIS is still held in cache (and it should be), this should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
 
D

Dave

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.
-----Original Message-----
Dave,

You would have to redirect on the 401 response. As long as the connection
with IIS is still held in cache (and it should be), this should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.

.
 
G

Guest

You can add the loginUrl property to the forms
authentication section in your config file :

<authentication mode="Forms">
<forms loginUrl="Login.aspx" />
</authentication>

Whenever a user has no access to an area, they would be
directly sent to the login page, and then automatically
redirected to the area they initially wanted to visit if
their security issues have been resolved by the new login
process. This also bring up the url if the session has
timed out(if you keep the roles in the session object).
Alex
 
J

Jim Cheshire [MSFT]

Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.
-----Original Message-----
Dave,

You would have to redirect on the 401 response. As long as the connection
with IIS is still held in cache (and it should be), this should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.

.
 
D

Dave

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.
-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.
-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connection
with IIS is still held in cache (and it should be),
this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.

.
 
J

Jim Cheshire [MSFT]

Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.
-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As long
as the connection
with IIS is still held in cache (and it should be), this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and
confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows
Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups:
microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG:
microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected
to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.

.
 
E

Eric Larsen

Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
..NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.
-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connectionthis
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.



.
 
J

Jim Cheshire [MSFT]

Eric,

No, you cannot. IIS handles that before ASP.NET has the opportunity in our
current architecture.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 1 Dec 2003 12:58:26 -0800
Organization: http://groups.google.com
Lines: 238
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.60
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003 20:58:27 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
ws.level3.com!postnews1.google.com!not-for-mail
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7783
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
.NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connection
with IIS is still held in cache (and it should be),
this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups:
microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.



.
 
E

Eric Larsen

Jim

Thanks for the response, but when I configure the Custom Errors for
401;3 in IIS, I still get the the generic message instead of the file
that I set it display. All the other 401 errors go to the file, so I
can not figure out why IIS is not handling 401.3 the way it is setup
for that HTTP Error.

Thanks,
Eric

Eric,

No, you cannot. IIS handles that before ASP.NET has the opportunity in our
current architecture.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 1 Dec 2003 12:58:26 -0800
Organization: http://groups.google.com
Lines: 238
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.60
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003 20:58:27 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
ws.level3.com!postnews1.google.com!not-for-mail
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7783
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
.NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connection
with IIS is still held in cache (and it should be),
this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.



.
 
J

Jim Cheshire [MSFT]

Eric,

I'm afraid I don't know about that. I specialize in ASP.NET. You should
probably post in those groups.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 5 Dec 2003 11:26:32 -0800
Organization: http://groups.google.com
Lines: 297
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.230
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070652392 15234 127.0.0.1 (5 Dec 2003 19:26:32 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Fri, 5 Dec 2003 19:26:32 +0000 (UTC)
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po
stnews1.google.com!not-for-mail
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7785
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim

Thanks for the response, but when I configure the Custom Errors for
401;3 in IIS, I still get the the generic message instead of the file
that I set it display. All the other 401 errors go to the file, so I
can not figure out why IIS is not handling 401.3 the way it is setup
for that HTTP Error.

Thanks,
Eric

(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Eric,

No, you cannot. IIS handles that before ASP.NET has the opportunity in our
current architecture.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 1 Dec 2003 12:58:26 -0800
Organization: http://groups.google.com
Lines: 238
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.60
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003 20:58:27 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
ws.level3.com!postnews1.google.com!not-for-mail
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7783
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
.NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do
this
in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connection
with IIS is still held in cache (and it should be),
this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups:
microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.



.
 
E

Eric Larsen

Jim

I will post a message in a IIS group, but I think this is a ASP.NET
problem. If I try and access a html file, the redirect works fine, it
is only when I am trying to access an aspx file that I get the 401.3
error page.

Thanks,
Eric

Eric,

I'm afraid I don't know about that. I specialize in ASP.NET. You should
probably post in those groups.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 5 Dec 2003 11:26:32 -0800
Organization: http://groups.google.com
Lines: 297
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.230
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070652392 15234 127.0.0.1 (5 Dec 2003 19:26:32 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Fri, 5 Dec 2003 19:26:32 +0000 (UTC)
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po
stnews1.google.com!not-for-mail
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7785
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim

Thanks for the response, but when I configure the Custom Errors for
401;3 in IIS, I still get the the generic message instead of the file
that I set it display. All the other 401 errors go to the file, so I
can not figure out why IIS is not handling 401.3 the way it is setup
for that HTTP Error.

Thanks,
Eric

(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Eric,

No, you cannot. IIS handles that before ASP.NET has the opportunity in our
current architecture.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
From: (e-mail address removed) (Eric Larsen)
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Subject: Re: Redirect to default page using Windows Authentication
Date: 1 Dec 2003 12:58:26 -0800
Organization: http://groups.google.com
Lines: 238
Message-ID: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
NNTP-Posting-Host: 167.218.156.60
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003 20:58:27 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
ws.level3.com!postnews1.google.com!not-for-mail
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7783
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
.NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


(e-mail address removed) (Jim Cheshire [MSFT]) wrote in message
Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do
this
in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Mon, 24 Nov 2003 13:06:52 -0800
Lines: 187
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7663
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

-----Original Message-----
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
References: <[email protected]>
Subject: RE: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 11:46:14 -0800
Lines: 104
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7618
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
{
if ((Request.CurrentExecutionFilePath !
= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
== false))
{
Response.Redirect("Index.aspx");
}
}

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

-----Original Message-----
Dave,

You would have to redirect on the 401 response. As
long
as the connection
with IIS is still held in cache (and it should be),
this
should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

if (HttpResponse.Status == '401 ACCESS DENIED')
{
Response.Redirect('login.aspx');
}

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Dave" <[email protected]>
Sender: "Dave" <[email protected]>
Subject: Redirect to default page using Windows Authentication
Date: Tue, 18 Nov 2003 08:47:17 -0800
Lines: 22
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet.security
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security:7614
NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the orignal page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.




.



.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top