Redirect to default page using Windows Authentication

Discussion in 'ASP .Net Security' started by Dave, Nov 18, 2003.

  1. Dave

    Dave Guest

    Hi,

    Is there a way to redirect the user to a default,
    anonymous, welcome or "splash" page for our application
    when using Windows authentication with Basic enabled?

    In other words, if a user attempts to access a secured
    page directly the first time, they will be redirected to
    the application's main entry point.

    I know this defeats the purpose of setting "Favorites"
    but we want to have updates, news, instructions, etc on
    this anonymous welcome page so the user can see this
    information. It will then have a link or button that
    states "Click here to login". Ideally, it would take
    them then to the orignal page they wanted.

    I know this can be done with Forms authentication.

    Thanks, Dave.
    Dave, Nov 18, 2003
    #1
    1. Advertising

  2. Dave,

    You would have to redirect on the 401 response. As long as the connection
    with IIS is still held in cache (and it should be), this should work fine.
    (I haven't tested it, so don't hold me to it.)

    It would look something like this:

    if (HttpResponse.Status == '401 ACCESS DENIED')
    {
    Response.Redirect('login.aspx');
    }

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.


    --------------------
    >Content-Class: urn:content-classes:message
    >From: "Dave" <>
    >Sender: "Dave" <>
    >Subject: Redirect to default page using Windows Authentication
    >Date: Tue, 18 Nov 2003 08:47:17 -0800
    >Lines: 22
    >Message-ID: <018001c3adf3$a0978a90$>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="iso-8859-1"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Path: cpmsftngxa06.phx.gbl
    >Xref: cpmsftngxa06.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7614
    >NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >Hi,
    >
    >Is there a way to redirect the user to a default,
    >anonymous, welcome or "splash" page for our application
    >when using Windows authentication with Basic enabled?
    >
    >In other words, if a user attempts to access a secured
    >page directly the first time, they will be redirected to
    >the application's main entry point.
    >
    >I know this defeats the purpose of setting "Favorites"
    >but we want to have updates, news, instructions, etc on
    >this anonymous welcome page so the user can see this
    >information. It will then have a link or button that
    >states "Click here to login". Ideally, it would take
    >them then to the orignal page they wanted.
    >
    >I know this can be done with Forms authentication.
    >
    >Thanks, Dave.
    >
    >
    >
    Jim Cheshire [MSFT], Nov 18, 2003
    #2
    1. Advertising

  3. Dave

    Dave Guest

    Jim,

    Thanks for the response. I guess I'm not following
    where I would run the code you mentioned other than the
    global.asax.

    I have the following code in there now...

    protected void Application_AuthenticateRequest(Object
    sender, EventArgs e)
    {
    if ((Request.CurrentExecutionFilePath !
    = "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
    == false))
    {
    Response.Redirect("Index.aspx");
    }
    }

    This works on the first attempt to view a page other than
    index.aspx but when I try to click on a link that goes to
    a page secured by Basic Auth., the code above gets fired
    again and redirects me back to index.aspx. I don't have
    a chance to enter the login credentials.

    Dave.

    >-----Original Message-----
    >Dave,
    >
    >You would have to redirect on the 401 response. As long

    as the connection
    >with IIS is still held in cache (and it should be), this

    should work fine.
    >(I haven't tested it, so don't hold me to it.)
    >
    >It would look something like this:
    >
    >if (HttpResponse.Status == '401 ACCESS DENIED')
    >{
    > Response.Redirect('login.aspx');
    >}
    >
    >Jim Cheshire, MCSE, MCSD [MSFT]
    >Developer Support
    >ASP.NET
    >
    >
    >This post is provided as-is with no warranties and

    confers no rights.
    >
    >
    >--------------------
    >>Content-Class: urn:content-classes:message
    >>From: "Dave" <>
    >>Sender: "Dave" <>
    >>Subject: Redirect to default page using Windows

    Authentication
    >>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >>Lines: 22
    >>Message-ID: <018001c3adf3$a0978a90$>
    >>MIME-Version: 1.0
    >>Content-Type: text/plain;
    >> charset="iso-8859-1"
    >>Content-Transfer-Encoding: 7bit
    >>X-Newsreader: Microsoft CDO for Windows 2000
    >>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >>Newsgroups:

    microsoft.public.dotnet.framework.aspnet.security
    >>Path: cpmsftngxa06.phx.gbl
    >>Xref: cpmsftngxa06.phx.gbl

    >microsoft.public.dotnet.framework.aspnet.security:7614
    >>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >>X-Tomcat-NG:

    microsoft.public.dotnet.framework.aspnet.security
    >>
    >>Hi,
    >>
    >>Is there a way to redirect the user to a default,
    >>anonymous, welcome or "splash" page for our application
    >>when using Windows authentication with Basic enabled?
    >>
    >>In other words, if a user attempts to access a secured
    >>page directly the first time, they will be redirected

    to
    >>the application's main entry point.
    >>
    >>I know this defeats the purpose of setting "Favorites"
    >>but we want to have updates, news, instructions, etc on
    >>this anonymous welcome page so the user can see this
    >>information. It will then have a link or button that
    >>states "Click here to login". Ideally, it would take
    >>them then to the orignal page they wanted.
    >>
    >>I know this can be done with Forms authentication.
    >>
    >>Thanks, Dave.
    >>
    >>
    >>

    >
    >.
    >
    Dave, Nov 18, 2003
    #3
  4. Dave

    Guest Guest

    You can add the loginUrl property to the forms
    authentication section in your config file :

    <authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
    </authentication>

    Whenever a user has no access to an area, they would be
    directly sent to the login page, and then automatically
    redirected to the area they initially wanted to visit if
    their security issues have been resolved by the new login
    process. This also bring up the url if the session has
    timed out(if you keep the roles in the session object).
    Alex
    Guest, Nov 19, 2003
    #4
  5. Dave,

    That's correct. There's no way around that. The way wininet
    authentication works is that if the resource you are requesting does not
    allow anonymous access, a 401 is sent back to the browser. If the resource
    is using Windows Integrated authentication and the browser is configured to
    automatically send credentials, the token is sent back and the user is
    authenticated. In the case of Basic authentication, a login prompt is
    displayed and the user must log in.

    If you intercept the 401 and redirect somewhere, you hijack the browser's
    ability to challenge. There is no way around that.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >Content-Class: urn:content-classes:message
    >From: "Dave" <>
    >Sender: "Dave" <>
    >References: <018001c3adf3$a0978a90$>

    <>
    >Subject: RE: Redirect to default page using Windows Authentication
    >Date: Tue, 18 Nov 2003 11:46:14 -0800
    >Lines: 104
    >Message-ID: <014601c3ae0c$9ff59be0$>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="iso-8859-1"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Path: cpmsftngxa06.phx.gbl
    >Xref: cpmsftngxa06.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7618
    >NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >Jim,
    >
    >Thanks for the response. I guess I'm not following
    >where I would run the code you mentioned other than the
    >global.asax.
    >
    >I have the following code in there now...
    >
    >protected void Application_AuthenticateRequest(Object
    >sender, EventArgs e)
    > {
    >if ((Request.CurrentExecutionFilePath !
    >= "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated
    >== false))
    > {
    > Response.Redirect("Index.aspx");
    > }
    >}
    >
    >This works on the first attempt to view a page other than
    >index.aspx but when I try to click on a link that goes to
    >a page secured by Basic Auth., the code above gets fired
    >again and redirects me back to index.aspx. I don't have
    >a chance to enter the login credentials.
    >
    >Dave.
    >
    >>-----Original Message-----
    >>Dave,
    >>
    >>You would have to redirect on the 401 response. As long

    >as the connection
    >>with IIS is still held in cache (and it should be), this

    >should work fine.
    >>(I haven't tested it, so don't hold me to it.)
    >>
    >>It would look something like this:
    >>
    >>if (HttpResponse.Status == '401 ACCESS DENIED')
    >>{
    >> Response.Redirect('login.aspx');
    >>}
    >>
    >>Jim Cheshire, MCSE, MCSD [MSFT]
    >>Developer Support
    >>ASP.NET
    >>
    >>
    >>This post is provided as-is with no warranties and

    >confers no rights.
    >>
    >>
    >>--------------------
    >>>Content-Class: urn:content-classes:message
    >>>From: "Dave" <>
    >>>Sender: "Dave" <>
    >>>Subject: Redirect to default page using Windows

    >Authentication
    >>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >>>Lines: 22
    >>>Message-ID: <018001c3adf3$a0978a90$>
    >>>MIME-Version: 1.0
    >>>Content-Type: text/plain;
    >>> charset="iso-8859-1"
    >>>Content-Transfer-Encoding: 7bit
    >>>X-Newsreader: Microsoft CDO for Windows 2000
    >>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >>>Newsgroups:

    >microsoft.public.dotnet.framework.aspnet.security
    >>>Path: cpmsftngxa06.phx.gbl
    >>>Xref: cpmsftngxa06.phx.gbl

    >>microsoft.public.dotnet.framework.aspnet.security:7614
    >>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >>>X-Tomcat-NG:

    >microsoft.public.dotnet.framework.aspnet.security
    >>>
    >>>Hi,
    >>>
    >>>Is there a way to redirect the user to a default,
    >>>anonymous, welcome or "splash" page for our application
    >>>when using Windows authentication with Basic enabled?
    >>>
    >>>In other words, if a user attempts to access a secured
    >>>page directly the first time, they will be redirected

    >to
    >>>the application's main entry point.
    >>>
    >>>I know this defeats the purpose of setting "Favorites"
    >>>but we want to have updates, news, instructions, etc on
    >>>this anonymous welcome page so the user can see this
    >>>information. It will then have a link or button that
    >>>states "Click here to login". Ideally, it would take
    >>>them then to the orignal page they wanted.
    >>>
    >>>I know this can be done with Forms authentication.
    >>>
    >>>Thanks, Dave.
    >>>
    >>>
    >>>

    >>
    >>.
    >>

    >
    Jim Cheshire [MSFT], Nov 19, 2003
    #5
  6. Dave

    Dave Guest

    Thanks, but I'm talking about Windows authentication. Not
    forms.


    >-----Original Message-----
    >You can add the loginUrl property to the forms
    >authentication section in your config file :
    >
    ><authentication mode="Forms">
    > <forms loginUrl="Login.aspx" />
    ></authentication>
    >
    >Whenever a user has no access to an area, they would be
    >directly sent to the login page, and then automatically
    >redirected to the area they initially wanted to visit if
    >their security issues have been resolved by the new

    login
    >process. This also bring up the url if the session has
    >timed out(if you keep the roles in the session object).
    >Alex
    >.
    >
    Dave, Nov 24, 2003
    #6
  7. Dave

    Dave Guest

    That's just it. I'm not sure where to trap that error.
    Initially I thought an HttpModule would be my only
    option, but I'm not even sure if the Http Request will
    get that far in the pipeline.

    The webserver may get intercept the request and return
    that error before I can do any type of redirect on the
    backend using asp.net.

    Dave.

    >-----Original Message-----
    >Dave,
    >
    >That's correct. There's no way around that. The way

    wininet
    >authentication works is that if the resource you are

    requesting does not
    >allow anonymous access, a 401 is sent back to the

    browser. If the resource
    >is using Windows Integrated authentication and the

    browser is configured to
    >automatically send credentials, the token is sent back

    and the user is
    >authenticated. In the case of Basic authentication, a

    login prompt is
    >displayed and the user must log in.
    >
    >If you intercept the 401 and redirect somewhere, you

    hijack the browser's
    >ability to challenge. There is no way around that.
    >
    >Jim Cheshire, MCSE, MCSD [MSFT]
    >Developer Support
    >ASP.NET
    >
    >
    >This post is provided as-is with no warranties and

    confers no rights.
    >
    >--------------------
    >>Content-Class: urn:content-classes:message
    >>From: "Dave" <>
    >>Sender: "Dave" <>
    >>References: <018001c3adf3$a0978a90$>

    ><>
    >>Subject: RE: Redirect to default page using Windows

    Authentication
    >>Date: Tue, 18 Nov 2003 11:46:14 -0800
    >>Lines: 104
    >>Message-ID: <014601c3ae0c$9ff59be0$>
    >>MIME-Version: 1.0
    >>Content-Type: text/plain;
    >> charset="iso-8859-1"
    >>Content-Transfer-Encoding: 7bit
    >>X-Newsreader: Microsoft CDO for Windows 2000
    >>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    >>Newsgroups:

    microsoft.public.dotnet.framework.aspnet.security
    >>Path: cpmsftngxa06.phx.gbl
    >>Xref: cpmsftngxa06.phx.gbl

    >microsoft.public.dotnet.framework.aspnet.security:7618
    >>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    >>X-Tomcat-NG:

    microsoft.public.dotnet.framework.aspnet.security
    >>
    >>Jim,
    >>
    >>Thanks for the response. I guess I'm not following
    >>where I would run the code you mentioned other than the
    >>global.asax.
    >>
    >>I have the following code in there now...
    >>
    >>protected void Application_AuthenticateRequest(Object
    >>sender, EventArgs e)
    >> {
    >>if ((Request.CurrentExecutionFilePath !
    >>= "/MyApp/Index.aspx") &&

    (User.Identity.IsAuthenticated
    >>== false))
    >> {
    >> Response.Redirect("Index.aspx");
    >> }
    >>}
    >>
    >>This works on the first attempt to view a page other

    than
    >>index.aspx but when I try to click on a link that goes

    to
    >>a page secured by Basic Auth., the code above gets

    fired
    >>again and redirects me back to index.aspx. I don't

    have
    >>a chance to enter the login credentials.
    >>
    >>Dave.
    >>
    >>>-----Original Message-----
    >>>Dave,
    >>>
    >>>You would have to redirect on the 401 response. As

    long
    >>as the connection
    >>>with IIS is still held in cache (and it should be),

    this
    >>should work fine.
    >>>(I haven't tested it, so don't hold me to it.)
    >>>
    >>>It would look something like this:
    >>>
    >>>if (HttpResponse.Status == '401 ACCESS DENIED')
    >>>{
    >>> Response.Redirect('login.aspx');
    >>>}
    >>>
    >>>Jim Cheshire, MCSE, MCSD [MSFT]
    >>>Developer Support
    >>>ASP.NET
    >>>
    >>>
    >>>This post is provided as-is with no warranties and

    >>confers no rights.
    >>>
    >>>
    >>>--------------------
    >>>>Content-Class: urn:content-classes:message
    >>>>From: "Dave" <>
    >>>>Sender: "Dave" <>
    >>>>Subject: Redirect to default page using Windows

    >>Authentication
    >>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >>>>Lines: 22
    >>>>Message-ID: <018001c3adf3$a0978a90$>
    >>>>MIME-Version: 1.0
    >>>>Content-Type: text/plain;
    >>>> charset="iso-8859-1"
    >>>>Content-Transfer-Encoding: 7bit
    >>>>X-Newsreader: Microsoft CDO for Windows 2000
    >>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >>>>X-MimeOLE: Produced By Microsoft MimeOLE

    V5.50.4910.0300
    >>>>Newsgroups:

    >>microsoft.public.dotnet.framework.aspnet.security
    >>>>Path: cpmsftngxa06.phx.gbl
    >>>>Xref: cpmsftngxa06.phx.gbl
    >>>microsoft.public.dotnet.framework.aspnet.security:7614
    >>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >>>>X-Tomcat-NG:

    >>microsoft.public.dotnet.framework.aspnet.security
    >>>>
    >>>>Hi,
    >>>>
    >>>>Is there a way to redirect the user to a default,
    >>>>anonymous, welcome or "splash" page for our

    application
    >>>>when using Windows authentication with Basic enabled?
    >>>>
    >>>>In other words, if a user attempts to access a

    secured
    >>>>page directly the first time, they will be redirected

    >>to
    >>>>the application's main entry point.
    >>>>
    >>>>I know this defeats the purpose of

    setting "Favorites"
    >>>>but we want to have updates, news, instructions, etc

    on
    >>>>this anonymous welcome page so the user can see this
    >>>>information. It will then have a link or button that
    >>>>states "Click here to login". Ideally, it would take
    >>>>them then to the orignal page they wanted.
    >>>>
    >>>>I know this can be done with Forms authentication.
    >>>>
    >>>>Thanks, Dave.
    >>>>
    >>>>
    >>>>
    >>>
    >>>.
    >>>

    >>

    >
    >.
    >
    Dave, Nov 24, 2003
    #7
  8. Dave,

    You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
    only 403, 404, and 500 errors are valid for customErrors. We have changed
    that for the next version of ASP.NET, and you should be able to do this in
    ASP.NET 2.0.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >Content-Class: urn:content-classes:message
    >From: "Dave" <>
    >Sender: "Dave" <>
    >References: <018001c3adf3$a0978a90$>

    <>
    <014601c3ae0c$9ff59be0$>
    <>
    >Subject: RE: Redirect to default page using Windows Authentication
    >Date: Mon, 24 Nov 2003 13:06:52 -0800
    >Lines: 187
    >Message-ID: <028901c3b2ce$e20a2a70$>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="iso-8859-1"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Path: cpmsftngxa07.phx.gbl
    >Xref: cpmsftngxa07.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7663
    >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >That's just it. I'm not sure where to trap that error.
    >Initially I thought an HttpModule would be my only
    >option, but I'm not even sure if the Http Request will
    >get that far in the pipeline.
    >
    >The webserver may get intercept the request and return
    >that error before I can do any type of redirect on the
    >backend using asp.net.
    >
    >Dave.
    >
    >>-----Original Message-----
    >>Dave,
    >>
    >>That's correct. There's no way around that. The way

    >wininet
    >>authentication works is that if the resource you are

    >requesting does not
    >>allow anonymous access, a 401 is sent back to the

    >browser. If the resource
    >>is using Windows Integrated authentication and the

    >browser is configured to
    >>automatically send credentials, the token is sent back

    >and the user is
    >>authenticated. In the case of Basic authentication, a

    >login prompt is
    >>displayed and the user must log in.
    >>
    >>If you intercept the 401 and redirect somewhere, you

    >hijack the browser's
    >>ability to challenge. There is no way around that.
    >>
    >>Jim Cheshire, MCSE, MCSD [MSFT]
    >>Developer Support
    >>ASP.NET
    >>
    >>
    >>This post is provided as-is with no warranties and

    >confers no rights.
    >>
    >>--------------------
    >>>Content-Class: urn:content-classes:message
    >>>From: "Dave" <>
    >>>Sender: "Dave" <>
    >>>References: <018001c3adf3$a0978a90$>

    >><>
    >>>Subject: RE: Redirect to default page using Windows

    >Authentication
    >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    >>>Lines: 104
    >>>Message-ID: <014601c3ae0c$9ff59be0$>
    >>>MIME-Version: 1.0
    >>>Content-Type: text/plain;
    >>> charset="iso-8859-1"
    >>>Content-Transfer-Encoding: 7bit
    >>>X-Newsreader: Microsoft CDO for Windows 2000
    >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    >>>Newsgroups:

    >microsoft.public.dotnet.framework.aspnet.security
    >>>Path: cpmsftngxa06.phx.gbl
    >>>Xref: cpmsftngxa06.phx.gbl

    >>microsoft.public.dotnet.framework.aspnet.security:7618
    >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    >>>X-Tomcat-NG:

    >microsoft.public.dotnet.framework.aspnet.security
    >>>
    >>>Jim,
    >>>
    >>>Thanks for the response. I guess I'm not following
    >>>where I would run the code you mentioned other than the
    >>>global.asax.
    >>>
    >>>I have the following code in there now...
    >>>
    >>>protected void Application_AuthenticateRequest(Object
    >>>sender, EventArgs e)
    >>> {
    >>>if ((Request.CurrentExecutionFilePath !
    >>>= "/MyApp/Index.aspx") &&

    >(User.Identity.IsAuthenticated
    >>>== false))
    >>> {
    >>> Response.Redirect("Index.aspx");
    >>> }
    >>>}
    >>>
    >>>This works on the first attempt to view a page other

    >than
    >>>index.aspx but when I try to click on a link that goes

    >to
    >>>a page secured by Basic Auth., the code above gets

    >fired
    >>>again and redirects me back to index.aspx. I don't

    >have
    >>>a chance to enter the login credentials.
    >>>
    >>>Dave.
    >>>
    >>>>-----Original Message-----
    >>>>Dave,
    >>>>
    >>>>You would have to redirect on the 401 response. As

    >long
    >>>as the connection
    >>>>with IIS is still held in cache (and it should be),

    >this
    >>>should work fine.
    >>>>(I haven't tested it, so don't hold me to it.)
    >>>>
    >>>>It would look something like this:
    >>>>
    >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    >>>>{
    >>>> Response.Redirect('login.aspx');
    >>>>}
    >>>>
    >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    >>>>Developer Support
    >>>>ASP.NET
    >>>>
    >>>>
    >>>>This post is provided as-is with no warranties and
    >>>confers no rights.
    >>>>
    >>>>
    >>>>--------------------
    >>>>>Content-Class: urn:content-classes:message
    >>>>>From: "Dave" <>
    >>>>>Sender: "Dave" <>
    >>>>>Subject: Redirect to default page using Windows
    >>>Authentication
    >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >>>>>Lines: 22
    >>>>>Message-ID: <018001c3adf3$a0978a90$>
    >>>>>MIME-Version: 1.0
    >>>>>Content-Type: text/plain;
    >>>>> charset="iso-8859-1"
    >>>>>Content-Transfer-Encoding: 7bit
    >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    >V5.50.4910.0300
    >>>>>Newsgroups:
    >>>microsoft.public.dotnet.framework.aspnet.security
    >>>>>Path: cpmsftngxa06.phx.gbl
    >>>>>Xref: cpmsftngxa06.phx.gbl
    >>>>microsoft.public.dotnet.framework.aspnet.security:7614
    >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >>>>>X-Tomcat-NG:
    >>>microsoft.public.dotnet.framework.aspnet.security
    >>>>>
    >>>>>Hi,
    >>>>>
    >>>>>Is there a way to redirect the user to a default,
    >>>>>anonymous, welcome or "splash" page for our

    >application
    >>>>>when using Windows authentication with Basic enabled?
    >>>>>
    >>>>>In other words, if a user attempts to access a

    >secured
    >>>>>page directly the first time, they will be redirected
    >>>to
    >>>>>the application's main entry point.
    >>>>>
    >>>>>I know this defeats the purpose of

    >setting "Favorites"
    >>>>>but we want to have updates, news, instructions, etc

    >on
    >>>>>this anonymous welcome page so the user can see this
    >>>>>information. It will then have a link or button that
    >>>>>states "Click here to login". Ideally, it would take
    >>>>>them then to the orignal page they wanted.
    >>>>>
    >>>>>I know this can be done with Forms authentication.
    >>>>>
    >>>>>Thanks, Dave.
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>>.
    >>>>
    >>>

    >>
    >>.
    >>

    >
    Jim Cheshire [MSFT], Nov 24, 2003
    #8
  9. Dave

    Eric Larsen Guest

    Can you not redirect to a custom error page for 401 errors? I see you
    can redirect for the different 401 errors in IIS, but it does not seem
    to work for every case. It looks like the Error 401.3 is created by a
    ..NET process. Is there a way to bypass .NET catching the error?

    Thanks,
    Eric


    (Jim Cheshire [MSFT]) wrote in message news:<>...
    > Dave,
    >
    > You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
    > only 403, 404, and 500 errors are valid for customErrors. We have changed
    > that for the next version of ASP.NET, and you should be able to do this in
    > ASP.NET 2.0.
    >
    > Jim Cheshire, MCSE, MCSD [MSFT]
    > Developer Support
    > ASP.NET
    >
    >
    > This post is provided as-is with no warranties and confers no rights.
    >
    > --------------------
    > >Content-Class: urn:content-classes:message
    > >From: "Dave" <>
    > >Sender: "Dave" <>
    > >References: <018001c3adf3$a0978a90$>

    > <>
    > <014601c3ae0c$9ff59be0$>
    > <>
    > >Subject: RE: Redirect to default page using Windows Authentication
    > >Date: Mon, 24 Nov 2003 13:06:52 -0800
    > >Lines: 187
    > >Message-ID: <028901c3b2ce$e20a2a70$>
    > >MIME-Version: 1.0
    > >Content-Type: text/plain;
    > > charset="iso-8859-1"
    > >Content-Transfer-Encoding: 7bit
    > >X-Newsreader: Microsoft CDO for Windows 2000
    > >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >Path: cpmsftngxa07.phx.gbl
    > >Xref: cpmsftngxa07.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7663
    > >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >
    > >That's just it. I'm not sure where to trap that error.
    > >Initially I thought an HttpModule would be my only
    > >option, but I'm not even sure if the Http Request will
    > >get that far in the pipeline.
    > >
    > >The webserver may get intercept the request and return
    > >that error before I can do any type of redirect on the
    > >backend using asp.net.
    > >
    > >Dave.
    > >
    > >>-----Original Message-----
    > >>Dave,
    > >>
    > >>That's correct. There's no way around that. The way

    > wininet
    > >>authentication works is that if the resource you are

    > requesting does not
    > >>allow anonymous access, a 401 is sent back to the

    > browser. If the resource
    > >>is using Windows Integrated authentication and the

    > browser is configured to
    > >>automatically send credentials, the token is sent back

    > and the user is
    > >>authenticated. In the case of Basic authentication, a

    > login prompt is
    > >>displayed and the user must log in.
    > >>
    > >>If you intercept the 401 and redirect somewhere, you

    > hijack the browser's
    > >>ability to challenge. There is no way around that.
    > >>
    > >>Jim Cheshire, MCSE, MCSD [MSFT]
    > >>Developer Support
    > >>ASP.NET
    > >>
    > >>
    > >>This post is provided as-is with no warranties and

    > confers no rights.
    > >>
    > >>--------------------
    > >>>Content-Class: urn:content-classes:message
    > >>>From: "Dave" <>
    > >>>Sender: "Dave" <>
    > >>>References: <018001c3adf3$a0978a90$>

    > <>
    > >>>Subject: RE: Redirect to default page using Windows

    > Authentication
    > >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    > >>>Lines: 104
    > >>>Message-ID: <014601c3ae0c$9ff59be0$>
    > >>>MIME-Version: 1.0
    > >>>Content-Type: text/plain;
    > >>> charset="iso-8859-1"
    > >>>Content-Transfer-Encoding: 7bit
    > >>>X-Newsreader: Microsoft CDO for Windows 2000
    > >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    > >>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >>>Path: cpmsftngxa06.phx.gbl
    > >>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7618
    > >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    > >>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >>>
    > >>>Jim,
    > >>>
    > >>>Thanks for the response. I guess I'm not following
    > >>>where I would run the code you mentioned other than the
    > >>>global.asax.
    > >>>
    > >>>I have the following code in there now...
    > >>>
    > >>>protected void Application_AuthenticateRequest(Object
    > >>>sender, EventArgs e)
    > >>> {
    > >>>if ((Request.CurrentExecutionFilePath !
    > >>>= "/MyApp/Index.aspx") &&

    > (User.Identity.IsAuthenticated
    > >>>== false))
    > >>> {
    > >>> Response.Redirect("Index.aspx");
    > >>> }
    > >>>}
    > >>>
    > >>>This works on the first attempt to view a page other

    > than
    > >>>index.aspx but when I try to click on a link that goes

    > to
    > >>>a page secured by Basic Auth., the code above gets

    > fired
    > >>>again and redirects me back to index.aspx. I don't

    > have
    > >>>a chance to enter the login credentials.
    > >>>
    > >>>Dave.
    > >>>
    > >>>>-----Original Message-----
    > >>>>Dave,
    > >>>>
    > >>>>You would have to redirect on the 401 response. As

    > long
    > as the connection
    > >>>>with IIS is still held in cache (and it should be),

    > this
    > should work fine.
    > >>>>(I haven't tested it, so don't hold me to it.)
    > >>>>
    > >>>>It would look something like this:
    > >>>>
    > >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    > >>>>{
    > >>>> Response.Redirect('login.aspx');
    > >>>>}
    > >>>>
    > >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    > >>>>Developer Support
    > >>>>ASP.NET
    > >>>>
    > >>>>
    > >>>>This post is provided as-is with no warranties and

    > confers no rights.
    > >>>>
    > >>>>
    > >>>>--------------------
    > >>>>>Content-Class: urn:content-classes:message
    > >>>>>From: "Dave" <>
    > >>>>>Sender: "Dave" <>
    > >>>>>Subject: Redirect to default page using Windows

    > Authentication
    > >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    > >>>>>Lines: 22
    > >>>>>Message-ID: <018001c3adf3$a0978a90$>
    > >>>>>MIME-Version: 1.0
    > >>>>>Content-Type: text/plain;
    > >>>>> charset="iso-8859-1"
    > >>>>>Content-Transfer-Encoding: 7bit
    > >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    > >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    > >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    > V5.50.4910.0300
    > >>>>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >>>>>Path: cpmsftngxa06.phx.gbl
    > >>>>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7614
    > >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    > >>>>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >>>>>
    > >>>>>Hi,
    > >>>>>
    > >>>>>Is there a way to redirect the user to a default,
    > >>>>>anonymous, welcome or "splash" page for our

    > application
    > >>>>>when using Windows authentication with Basic enabled?
    > >>>>>
    > >>>>>In other words, if a user attempts to access a

    > secured
    > >>>>>page directly the first time, they will be redirected

    > to
    > >>>>>the application's main entry point.
    > >>>>>
    > >>>>>I know this defeats the purpose of

    > setting "Favorites"
    > >>>>>but we want to have updates, news, instructions, etc

    > on
    > >>>>>this anonymous welcome page so the user can see this
    > >>>>>information. It will then have a link or button that
    > >>>>>states "Click here to login". Ideally, it would take
    > >>>>>them then to the orignal page they wanted.
    > >>>>>
    > >>>>>I know this can be done with Forms authentication.
    > >>>>>
    > >>>>>Thanks, Dave.
    > >>>>>
    > >>>>>
    > >>>>>
    > >>>>
    > >>>>.
    > >>>>
    > >>>
    > >>
    > >>.
    > >>

    > >
    Eric Larsen, Dec 1, 2003
    #9
  10. Eric,

    No, you cannot. IIS handles that before ASP.NET has the opportunity in our
    current architecture.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >From: (Eric Larsen)
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: Re: Redirect to default page using Windows Authentication
    >Date: 1 Dec 2003 12:58:26 -0800
    >Organization: http://groups.google.com
    >Lines: 238
    >Message-ID: <>
    >References: <018001c3adf3$a0978a90$>

    <>
    <014601c3ae0c$9ff59be0$>
    <>
    <028901c3b2ce$e20a2a70$>
    <>
    >NNTP-Posting-Host: 167.218.156.60
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003

    20:58:27 GMT)
    >X-Complaints-To:
    >NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
    >Path:

    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
    e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
    us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
    ws.level3.com!postnews1.google.com!not-for-mail
    >Xref: cpmsftngxa06.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7783
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >Can you not redirect to a custom error page for 401 errors? I see you
    >can redirect for the different 401 errors in IIS, but it does not seem
    >to work for every case. It looks like the Error 401.3 is created by a
    >.NET process. Is there a way to bypass .NET catching the error?
    >
    >Thanks,
    >Eric
    >
    >
    > (Jim Cheshire [MSFT]) wrote in message

    news:<>...
    >> Dave,
    >>
    >> You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is

    that
    >> only 403, 404, and 500 errors are valid for customErrors. We have

    changed
    >> that for the next version of ASP.NET, and you should be able to do this

    in
    >> ASP.NET 2.0.
    >>
    >> Jim Cheshire, MCSE, MCSD [MSFT]
    >> Developer Support
    >> ASP.NET
    >>
    >>
    >> This post is provided as-is with no warranties and confers no rights.
    >>
    >> --------------------
    >> >Content-Class: urn:content-classes:message
    >> >From: "Dave" <>
    >> >Sender: "Dave" <>
    >> >References: <018001c3adf3$a0978a90$>

    >> <>
    >> <014601c3ae0c$9ff59be0$>
    >> <>
    >> >Subject: RE: Redirect to default page using Windows Authentication
    >> >Date: Mon, 24 Nov 2003 13:06:52 -0800
    >> >Lines: 187
    >> >Message-ID: <028901c3b2ce$e20a2a70$>
    >> >MIME-Version: 1.0
    >> >Content-Type: text/plain;
    >> > charset="iso-8859-1"
    >> >Content-Transfer-Encoding: 7bit
    >> >X-Newsreader: Microsoft CDO for Windows 2000
    >> >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >> >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >> >Path: cpmsftngxa07.phx.gbl
    >> >Xref: cpmsftngxa07.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7663
    >> >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >> >
    >> >That's just it. I'm not sure where to trap that error.
    >> >Initially I thought an HttpModule would be my only
    >> >option, but I'm not even sure if the Http Request will
    >> >get that far in the pipeline.
    >> >
    >> >The webserver may get intercept the request and return
    >> >that error before I can do any type of redirect on the
    >> >backend using asp.net.
    >> >
    >> >Dave.
    >> >
    >> >>-----Original Message-----
    >> >>Dave,
    >> >>
    >> >>That's correct. There's no way around that. The way

    >> wininet
    >> >>authentication works is that if the resource you are

    >> requesting does not
    >> >>allow anonymous access, a 401 is sent back to the

    >> browser. If the resource
    >> >>is using Windows Integrated authentication and the

    >> browser is configured to
    >> >>automatically send credentials, the token is sent back

    >> and the user is
    >> >>authenticated. In the case of Basic authentication, a

    >> login prompt is
    >> >>displayed and the user must log in.
    >> >>
    >> >>If you intercept the 401 and redirect somewhere, you

    >> hijack the browser's
    >> >>ability to challenge. There is no way around that.
    >> >>
    >> >>Jim Cheshire, MCSE, MCSD [MSFT]
    >> >>Developer Support
    >> >>ASP.NET
    >> >>
    >> >>
    >> >>This post is provided as-is with no warranties and

    >> confers no rights.
    >> >>
    >> >>--------------------
    >> >>>Content-Class: urn:content-classes:message
    >> >>>From: "Dave" <>
    >> >>>Sender: "Dave" <>
    >> >>>References: <018001c3adf3$a0978a90$>

    >> <>
    >> >>>Subject: RE: Redirect to default page using Windows

    >> Authentication
    >> >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    >> >>>Lines: 104
    >> >>>Message-ID: <014601c3ae0c$9ff59be0$>
    >> >>>MIME-Version: 1.0
    >> >>>Content-Type: text/plain;
    >> >>> charset="iso-8859-1"
    >> >>>Content-Transfer-Encoding: 7bit
    >> >>>X-Newsreader: Microsoft CDO for Windows 2000
    >> >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >> >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    >> >>>Newsgroups:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >>>Path: cpmsftngxa06.phx.gbl
    >> >>>Xref: cpmsftngxa06.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7618
    >> >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    >> >>>X-Tomcat-NG:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >>>
    >> >>>Jim,
    >> >>>
    >> >>>Thanks for the response. I guess I'm not following
    >> >>>where I would run the code you mentioned other than the
    >> >>>global.asax.
    >> >>>
    >> >>>I have the following code in there now...
    >> >>>
    >> >>>protected void Application_AuthenticateRequest(Object
    >> >>>sender, EventArgs e)
    >> >>> {
    >> >>>if ((Request.CurrentExecutionFilePath !
    >> >>>= "/MyApp/Index.aspx") &&

    >> (User.Identity.IsAuthenticated
    >> >>>== false))
    >> >>> {
    >> >>> Response.Redirect("Index.aspx");
    >> >>> }
    >> >>>}
    >> >>>
    >> >>>This works on the first attempt to view a page other

    >> than
    >> >>>index.aspx but when I try to click on a link that goes

    >> to
    >> >>>a page secured by Basic Auth., the code above gets

    >> fired
    >> >>>again and redirects me back to index.aspx. I don't

    >> have
    >> >>>a chance to enter the login credentials.
    >> >>>
    >> >>>Dave.
    >> >>>
    >> >>>>-----Original Message-----
    >> >>>>Dave,
    >> >>>>
    >> >>>>You would have to redirect on the 401 response. As

    >> long
    >> as the connection
    >> >>>>with IIS is still held in cache (and it should be),

    >> this
    >> should work fine.
    >> >>>>(I haven't tested it, so don't hold me to it.)
    >> >>>>
    >> >>>>It would look something like this:
    >> >>>>
    >> >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    >> >>>>{
    >> >>>> Response.Redirect('login.aspx');
    >> >>>>}
    >> >>>>
    >> >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    >> >>>>Developer Support
    >> >>>>ASP.NET
    >> >>>>
    >> >>>>
    >> >>>>This post is provided as-is with no warranties and

    >> confers no rights.
    >> >>>>
    >> >>>>
    >> >>>>--------------------
    >> >>>>>Content-Class: urn:content-classes:message
    >> >>>>>From: "Dave" <>
    >> >>>>>Sender: "Dave" <>
    >> >>>>>Subject: Redirect to default page using Windows

    >> Authentication
    >> >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >> >>>>>Lines: 22
    >> >>>>>Message-ID: <018001c3adf3$a0978a90$>
    >> >>>>>MIME-Version: 1.0
    >> >>>>>Content-Type: text/plain;
    >> >>>>> charset="iso-8859-1"
    >> >>>>>Content-Transfer-Encoding: 7bit
    >> >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    >> >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >> >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    >> V5.50.4910.0300
    >> >>>>>Newsgroups:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >>>>>Path: cpmsftngxa06.phx.gbl
    >> >>>>>Xref: cpmsftngxa06.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7614
    >> >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >> >>>>>X-Tomcat-NG:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >>>>>
    >> >>>>>Hi,
    >> >>>>>
    >> >>>>>Is there a way to redirect the user to a default,
    >> >>>>>anonymous, welcome or "splash" page for our

    >> application
    >> >>>>>when using Windows authentication with Basic enabled?
    >> >>>>>
    >> >>>>>In other words, if a user attempts to access a

    >> secured
    >> >>>>>page directly the first time, they will be redirected

    >> to
    >> >>>>>the application's main entry point.
    >> >>>>>
    >> >>>>>I know this defeats the purpose of

    >> setting "Favorites"
    >> >>>>>but we want to have updates, news, instructions, etc

    >> on
    >> >>>>>this anonymous welcome page so the user can see this
    >> >>>>>information. It will then have a link or button that
    >> >>>>>states "Click here to login". Ideally, it would take
    >> >>>>>them then to the orignal page they wanted.
    >> >>>>>
    >> >>>>>I know this can be done with Forms authentication.
    >> >>>>>
    >> >>>>>Thanks, Dave.
    >> >>>>>
    >> >>>>>
    >> >>>>>
    >> >>>>
    >> >>>>.
    >> >>>>
    >> >>>
    >> >>
    >> >>.
    >> >>
    >> >

    >
    Jim Cheshire [MSFT], Dec 2, 2003
    #10
  11. Dave

    Eric Larsen Guest

    Jim

    Thanks for the response, but when I configure the Custom Errors for
    401;3 in IIS, I still get the the generic message instead of the file
    that I set it display. All the other 401 errors go to the file, so I
    can not figure out why IIS is not handling 401.3 the way it is setup
    for that HTTP Error.

    Thanks,
    Eric

    (Jim Cheshire [MSFT]) wrote in message news:<wLpyg$>...
    > Eric,
    >
    > No, you cannot. IIS handles that before ASP.NET has the opportunity in our
    > current architecture.
    >
    > Jim Cheshire, MCSE, MCSD [MSFT]
    > Developer Support
    > ASP.NET
    >
    >
    > This post is provided as-is with no warranties and confers no rights.
    >
    > --------------------
    > >From: (Eric Larsen)
    > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >Subject: Re: Redirect to default page using Windows Authentication
    > >Date: 1 Dec 2003 12:58:26 -0800
    > >Organization: http://groups.google.com
    > >Lines: 238
    > >Message-ID: <>
    > >References: <018001c3adf3$a0978a90$>

    > <>
    > <014601c3ae0c$9ff59be0$>
    > <>
    > <028901c3b2ce$e20a2a70$>
    > <>
    > >NNTP-Posting-Host: 167.218.156.60
    > >Content-Type: text/plain; charset=ISO-8859-1
    > >Content-Transfer-Encoding: 8bit
    > >X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003

    > 20:58:27 GMT)
    > >X-Complaints-To:
    > >NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
    > >Path:

    > cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
    > e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
    > us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
    > ws.level3.com!postnews1.google.com!not-for-mail
    > >Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7783
    > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >
    > >Can you not redirect to a custom error page for 401 errors? I see you
    > >can redirect for the different 401 errors in IIS, but it does not seem
    > >to work for every case. It looks like the Error 401.3 is created by a
    > >.NET process. Is there a way to bypass .NET catching the error?
    > >
    > >Thanks,
    > >Eric
    > >
    > >
    > > (Jim Cheshire [MSFT]) wrote in message

    > news:<>...
    > >> Dave,
    > >>
    > >> You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is

    > that
    > >> only 403, 404, and 500 errors are valid for customErrors. We have

    > changed
    > >> that for the next version of ASP.NET, and you should be able to do this

    > in
    > >> ASP.NET 2.0.
    > >>
    > >> Jim Cheshire, MCSE, MCSD [MSFT]
    > >> Developer Support
    > >> ASP.NET
    > >>
    > >>
    > >> This post is provided as-is with no warranties and confers no rights.
    > >>
    > >> --------------------
    > >> >Content-Class: urn:content-classes:message
    > >> >From: "Dave" <>
    > >> >Sender: "Dave" <>
    > >> >References: <018001c3adf3$a0978a90$>
    > >> <>
    > >> <014601c3ae0c$9ff59be0$>
    > >> <>
    > >> >Subject: RE: Redirect to default page using Windows Authentication
    > >> >Date: Mon, 24 Nov 2003 13:06:52 -0800
    > >> >Lines: 187
    > >> >Message-ID: <028901c3b2ce$e20a2a70$>
    > >> >MIME-Version: 1.0
    > >> >Content-Type: text/plain;
    > >> > charset="iso-8859-1"
    > >> >Content-Transfer-Encoding: 7bit
    > >> >X-Newsreader: Microsoft CDO for Windows 2000
    > >> >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >> >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    > >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >> >Path: cpmsftngxa07.phx.gbl
    > >> >Xref: cpmsftngxa07.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7663
    > >> >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    > >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >> >
    > >> >That's just it. I'm not sure where to trap that error.
    > >> >Initially I thought an HttpModule would be my only
    > >> >option, but I'm not even sure if the Http Request will
    > >> >get that far in the pipeline.
    > >> >
    > >> >The webserver may get intercept the request and return
    > >> >that error before I can do any type of redirect on the
    > >> >backend using asp.net.
    > >> >
    > >> >Dave.
    > >> >
    > >> >>-----Original Message-----
    > >> >>Dave,
    > >> >>
    > >> >>That's correct. There's no way around that. The way

    > wininet
    > >> >>authentication works is that if the resource you are

    > requesting does not
    > >> >>allow anonymous access, a 401 is sent back to the

    > browser. If the resource
    > >> >>is using Windows Integrated authentication and the

    > browser is configured to
    > >> >>automatically send credentials, the token is sent back

    > and the user is
    > >> >>authenticated. In the case of Basic authentication, a

    > login prompt is
    > >> >>displayed and the user must log in.
    > >> >>
    > >> >>If you intercept the 401 and redirect somewhere, you

    > hijack the browser's
    > >> >>ability to challenge. There is no way around that.
    > >> >>
    > >> >>Jim Cheshire, MCSE, MCSD [MSFT]
    > >> >>Developer Support
    > >> >>ASP.NET
    > >> >>
    > >> >>
    > >> >>This post is provided as-is with no warranties and

    > confers no rights.
    > >> >>
    > >> >>--------------------
    > >> >>>Content-Class: urn:content-classes:message
    > >> >>>From: "Dave" <>
    > >> >>>Sender: "Dave" <>
    > >> >>>References: <018001c3adf3$a0978a90$>

    > <>
    > >> >>>Subject: RE: Redirect to default page using Windows

    > Authentication
    > >> >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    > >> >>>Lines: 104
    > >> >>>Message-ID: <014601c3ae0c$9ff59be0$>
    > >> >>>MIME-Version: 1.0
    > >> >>>Content-Type: text/plain;
    > >> >>> charset="iso-8859-1"
    > >> >>>Content-Transfer-Encoding: 7bit
    > >> >>>X-Newsreader: Microsoft CDO for Windows 2000
    > >> >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >> >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    > >> >>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >>>Path: cpmsftngxa06.phx.gbl
    > >> >>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7618
    > >> >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    > >> >>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >>>
    > >> >>>Jim,
    > >> >>>
    > >> >>>Thanks for the response. I guess I'm not following
    > >> >>>where I would run the code you mentioned other than the
    > >> >>>global.asax.
    > >> >>>
    > >> >>>I have the following code in there now...
    > >> >>>
    > >> >>>protected void Application_AuthenticateRequest(Object
    > >> >>>sender, EventArgs e)
    > >> >>> {
    > >> >>>if ((Request.CurrentExecutionFilePath !
    > >> >>>= "/MyApp/Index.aspx") &&

    > (User.Identity.IsAuthenticated
    > >> >>>== false))
    > >> >>> {
    > >> >>> Response.Redirect("Index.aspx");
    > >> >>> }
    > >> >>>}
    > >> >>>
    > >> >>>This works on the first attempt to view a page other

    > than
    > >> >>>index.aspx but when I try to click on a link that goes

    > to
    > >> >>>a page secured by Basic Auth., the code above gets

    > fired
    > >> >>>again and redirects me back to index.aspx. I don't

    > have
    > >> >>>a chance to enter the login credentials.
    > >> >>>
    > >> >>>Dave.
    > >> >>>
    > >> >>>>-----Original Message-----
    > >> >>>>Dave,
    > >> >>>>
    > >> >>>>You would have to redirect on the 401 response. As
    > >> long
    > >> as the connection
    > >> >>>>with IIS is still held in cache (and it should be),
    > >> this
    > >> should work fine.
    > >> >>>>(I haven't tested it, so don't hold me to it.)
    > >> >>>>
    > >> >>>>It would look something like this:
    > >> >>>>
    > >> >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    > >> >>>>{
    > >> >>>> Response.Redirect('login.aspx');
    > >> >>>>}
    > >> >>>>
    > >> >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    > >> >>>>Developer Support
    > >> >>>>ASP.NET
    > >> >>>>
    > >> >>>>
    > >> >>>>This post is provided as-is with no warranties and

    > confers no rights.
    > >> >>>>
    > >> >>>>
    > >> >>>>--------------------
    > >> >>>>>Content-Class: urn:content-classes:message
    > >> >>>>>From: "Dave" <>
    > >> >>>>>Sender: "Dave" <>
    > >> >>>>>Subject: Redirect to default page using Windows

    > Authentication
    > >> >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    > >> >>>>>Lines: 22
    > >> >>>>>Message-ID: <018001c3adf3$a0978a90$>
    > >> >>>>>MIME-Version: 1.0
    > >> >>>>>Content-Type: text/plain;
    > >> >>>>> charset="iso-8859-1"
    > >> >>>>>Content-Transfer-Encoding: 7bit
    > >> >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    > >> >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    > >> >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    > V5.50.4910.0300
    > >> >>>>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >>>>>Path: cpmsftngxa06.phx.gbl
    > >> >>>>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7614
    > >> >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    > >> >>>>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >>>>>
    > >> >>>>>Hi,
    > >> >>>>>
    > >> >>>>>Is there a way to redirect the user to a default,
    > >> >>>>>anonymous, welcome or "splash" page for our

    > application
    > >> >>>>>when using Windows authentication with Basic enabled?
    > >> >>>>>
    > >> >>>>>In other words, if a user attempts to access a

    > secured
    > >> >>>>>page directly the first time, they will be redirected

    > to
    > >> >>>>>the application's main entry point.
    > >> >>>>>
    > >> >>>>>I know this defeats the purpose of

    > setting "Favorites"
    > >> >>>>>but we want to have updates, news, instructions, etc

    > on
    > >> >>>>>this anonymous welcome page so the user can see this
    > >> >>>>>information. It will then have a link or button that
    > >> >>>>>states "Click here to login". Ideally, it would take
    > >> >>>>>them then to the orignal page they wanted.
    > >> >>>>>
    > >> >>>>>I know this can be done with Forms authentication.
    > >> >>>>>
    > >> >>>>>Thanks, Dave.
    > >> >>>>>
    > >> >>>>>
    > >> >>>>>
    > >> >>>>
    > >> >>>>.
    > >> >>>>
    > >> >>>
    > >> >>
    > >> >>.
    > >> >>
    > >> >

    > >
    Eric Larsen, Dec 5, 2003
    #11
  12. Eric,

    I'm afraid I don't know about that. I specialize in ASP.NET. You should
    probably post in those groups.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >From: (Eric Larsen)
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: Re: Redirect to default page using Windows Authentication
    >Date: 5 Dec 2003 11:26:32 -0800
    >Organization: http://groups.google.com
    >Lines: 297
    >Message-ID: <>
    >References: <018001c3adf3$a0978a90$>

    <>
    <014601c3ae0c$9ff59be0$>
    <>
    <028901c3b2ce$e20a2a70$>
    <>
    <>
    <wLpyg$>
    >NNTP-Posting-Host: 167.218.156.230
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: posting.google.com 1070652392 15234 127.0.0.1 (5 Dec 2003

    19:26:32 GMT)
    >X-Complaints-To:
    >NNTP-Posting-Date: Fri, 5 Dec 2003 19:26:32 +0000 (UTC)
    >Path:

    cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
    l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po
    stnews1.google.com!not-for-mail
    >Xref: cpmsftngxa07.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:7785
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >Jim
    >
    >Thanks for the response, but when I configure the Custom Errors for
    >401;3 in IIS, I still get the the generic message instead of the file
    >that I set it display. All the other 401 errors go to the file, so I
    >can not figure out why IIS is not handling 401.3 the way it is setup
    >for that HTTP Error.
    >
    >Thanks,
    >Eric
    >
    > (Jim Cheshire [MSFT]) wrote in message

    news:<wLpyg$>...
    >> Eric,
    >>
    >> No, you cannot. IIS handles that before ASP.NET has the opportunity in

    our
    >> current architecture.
    >>
    >> Jim Cheshire, MCSE, MCSD [MSFT]
    >> Developer Support
    >> ASP.NET
    >>
    >>
    >> This post is provided as-is with no warranties and confers no rights.
    >>
    >> --------------------
    >> >From: (Eric Larsen)
    >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >> >Subject: Re: Redirect to default page using Windows Authentication
    >> >Date: 1 Dec 2003 12:58:26 -0800
    >> >Organization: http://groups.google.com
    >> >Lines: 238
    >> >Message-ID: <>
    >> >References: <018001c3adf3$a0978a90$>

    >> <>
    >> <014601c3ae0c$9ff59be0$>
    >> <>
    >> <028901c3b2ce$e20a2a70$>
    >> <>
    >> >NNTP-Posting-Host: 167.218.156.60
    >> >Content-Type: text/plain; charset=ISO-8859-1
    >> >Content-Transfer-Encoding: 8bit
    >> >X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003

    >> 20:58:27 GMT)
    >> >X-Complaints-To:
    >> >NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
    >> >Path:

    >>

    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
    >>

    e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
    >>

    us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
    >> ws.level3.com!postnews1.google.com!not-for-mail
    >> >Xref: cpmsftngxa06.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7783
    >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >> >
    >> >Can you not redirect to a custom error page for 401 errors? I see you
    >> >can redirect for the different 401 errors in IIS, but it does not seem
    >> >to work for every case. It looks like the Error 401.3 is created by a
    >> >.NET process. Is there a way to bypass .NET catching the error?
    >> >
    >> >Thanks,
    >> >Eric
    >> >
    >> >
    >> > (Jim Cheshire [MSFT]) wrote in message

    >> news:<>...
    >> >> Dave,
    >> >>
    >> >> You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is

    >> that
    >> >> only 403, 404, and 500 errors are valid for customErrors. We have

    >> changed
    >> >> that for the next version of ASP.NET, and you should be able to do

    this
    >> in
    >> >> ASP.NET 2.0.
    >> >>
    >> >> Jim Cheshire, MCSE, MCSD [MSFT]
    >> >> Developer Support
    >> >> ASP.NET
    >> >>
    >> >>
    >> >> This post is provided as-is with no warranties and confers no rights.
    >> >>
    >> >> --------------------
    >> >> >Content-Class: urn:content-classes:message
    >> >> >From: "Dave" <>
    >> >> >Sender: "Dave" <>
    >> >> >References: <018001c3adf3$a0978a90$>
    >> >> <>
    >> >> <014601c3ae0c$9ff59be0$>
    >> >> <>
    >> >> >Subject: RE: Redirect to default page using Windows Authentication
    >> >> >Date: Mon, 24 Nov 2003 13:06:52 -0800
    >> >> >Lines: 187
    >> >> >Message-ID: <028901c3b2ce$e20a2a70$>
    >> >> >MIME-Version: 1.0
    >> >> >Content-Type: text/plain;
    >> >> > charset="iso-8859-1"
    >> >> >Content-Transfer-Encoding: 7bit
    >> >> >X-Newsreader: Microsoft CDO for Windows 2000
    >> >> >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >> >> >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    >> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >> >> >Path: cpmsftngxa07.phx.gbl
    >> >> >Xref: cpmsftngxa07.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7663
    >> >> >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    >> >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >> >> >
    >> >> >That's just it. I'm not sure where to trap that error.
    >> >> >Initially I thought an HttpModule would be my only
    >> >> >option, but I'm not even sure if the Http Request will
    >> >> >get that far in the pipeline.
    >> >> >
    >> >> >The webserver may get intercept the request and return
    >> >> >that error before I can do any type of redirect on the
    >> >> >backend using asp.net.
    >> >> >
    >> >> >Dave.
    >> >> >
    >> >> >>-----Original Message-----
    >> >> >>Dave,
    >> >> >>
    >> >> >>That's correct. There's no way around that. The way

    >> wininet
    >> >> >>authentication works is that if the resource you are

    >> requesting does not
    >> >> >>allow anonymous access, a 401 is sent back to the

    >> browser. If the resource
    >> >> >>is using Windows Integrated authentication and the

    >> browser is configured to
    >> >> >>automatically send credentials, the token is sent back

    >> and the user is
    >> >> >>authenticated. In the case of Basic authentication, a

    >> login prompt is
    >> >> >>displayed and the user must log in.
    >> >> >>
    >> >> >>If you intercept the 401 and redirect somewhere, you

    >> hijack the browser's
    >> >> >>ability to challenge. There is no way around that.
    >> >> >>
    >> >> >>Jim Cheshire, MCSE, MCSD [MSFT]
    >> >> >>Developer Support
    >> >> >>ASP.NET
    >> >> >>
    >> >> >>
    >> >> >>This post is provided as-is with no warranties and

    >> confers no rights.
    >> >> >>
    >> >> >>--------------------
    >> >> >>>Content-Class: urn:content-classes:message
    >> >> >>>From: "Dave" <>
    >> >> >>>Sender: "Dave" <>
    >> >> >>>References: <018001c3adf3$a0978a90$>

    >> <>
    >> >> >>>Subject: RE: Redirect to default page using Windows

    >> Authentication
    >> >> >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    >> >> >>>Lines: 104
    >> >> >>>Message-ID: <014601c3ae0c$9ff59be0$>
    >> >> >>>MIME-Version: 1.0
    >> >> >>>Content-Type: text/plain;
    >> >> >>> charset="iso-8859-1"
    >> >> >>>Content-Transfer-Encoding: 7bit
    >> >> >>>X-Newsreader: Microsoft CDO for Windows 2000
    >> >> >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >> >> >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    >> >> >>>Newsgroups:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >> >>>Path: cpmsftngxa06.phx.gbl
    >> >> >>>Xref: cpmsftngxa06.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7618
    >> >> >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    >> >> >>>X-Tomcat-NG:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >> >>>
    >> >> >>>Jim,
    >> >> >>>
    >> >> >>>Thanks for the response. I guess I'm not following
    >> >> >>>where I would run the code you mentioned other than the
    >> >> >>>global.asax.
    >> >> >>>
    >> >> >>>I have the following code in there now...
    >> >> >>>
    >> >> >>>protected void Application_AuthenticateRequest(Object
    >> >> >>>sender, EventArgs e)
    >> >> >>> {
    >> >> >>>if ((Request.CurrentExecutionFilePath !
    >> >> >>>= "/MyApp/Index.aspx") &&

    >> (User.Identity.IsAuthenticated
    >> >> >>>== false))
    >> >> >>> {
    >> >> >>> Response.Redirect("Index.aspx");
    >> >> >>> }
    >> >> >>>}
    >> >> >>>
    >> >> >>>This works on the first attempt to view a page other

    >> than
    >> >> >>>index.aspx but when I try to click on a link that goes

    >> to
    >> >> >>>a page secured by Basic Auth., the code above gets

    >> fired
    >> >> >>>again and redirects me back to index.aspx. I don't

    >> have
    >> >> >>>a chance to enter the login credentials.
    >> >> >>>
    >> >> >>>Dave.
    >> >> >>>
    >> >> >>>>-----Original Message-----
    >> >> >>>>Dave,
    >> >> >>>>
    >> >> >>>>You would have to redirect on the 401 response. As
    >> >> long
    >> >> as the connection
    >> >> >>>>with IIS is still held in cache (and it should be),
    >> >> this
    >> >> should work fine.
    >> >> >>>>(I haven't tested it, so don't hold me to it.)
    >> >> >>>>
    >> >> >>>>It would look something like this:
    >> >> >>>>
    >> >> >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    >> >> >>>>{
    >> >> >>>> Response.Redirect('login.aspx');
    >> >> >>>>}
    >> >> >>>>
    >> >> >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    >> >> >>>>Developer Support
    >> >> >>>>ASP.NET
    >> >> >>>>
    >> >> >>>>
    >> >> >>>>This post is provided as-is with no warranties and

    >> confers no rights.
    >> >> >>>>
    >> >> >>>>
    >> >> >>>>--------------------
    >> >> >>>>>Content-Class: urn:content-classes:message
    >> >> >>>>>From: "Dave" <>
    >> >> >>>>>Sender: "Dave" <>
    >> >> >>>>>Subject: Redirect to default page using Windows

    >> Authentication
    >> >> >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    >> >> >>>>>Lines: 22
    >> >> >>>>>Message-ID: <018001c3adf3$a0978a90$>
    >> >> >>>>>MIME-Version: 1.0
    >> >> >>>>>Content-Type: text/plain;
    >> >> >>>>> charset="iso-8859-1"
    >> >> >>>>>Content-Transfer-Encoding: 7bit
    >> >> >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    >> >> >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    >> >> >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    >> V5.50.4910.0300
    >> >> >>>>>Newsgroups:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >> >>>>>Path: cpmsftngxa06.phx.gbl
    >> >> >>>>>Xref: cpmsftngxa06.phx.gbl

    >> microsoft.public.dotnet.framework.aspnet.security:7614
    >> >> >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    >> >> >>>>>X-Tomcat-NG:

    >> microsoft.public.dotnet.framework.aspnet.security
    >> >> >>>>>
    >> >> >>>>>Hi,
    >> >> >>>>>
    >> >> >>>>>Is there a way to redirect the user to a default,
    >> >> >>>>>anonymous, welcome or "splash" page for our

    >> application
    >> >> >>>>>when using Windows authentication with Basic enabled?
    >> >> >>>>>
    >> >> >>>>>In other words, if a user attempts to access a

    >> secured
    >> >> >>>>>page directly the first time, they will be redirected

    >> to
    >> >> >>>>>the application's main entry point.
    >> >> >>>>>
    >> >> >>>>>I know this defeats the purpose of

    >> setting "Favorites"
    >> >> >>>>>but we want to have updates, news, instructions, etc

    >> on
    >> >> >>>>>this anonymous welcome page so the user can see this
    >> >> >>>>>information. It will then have a link or button that
    >> >> >>>>>states "Click here to login". Ideally, it would take
    >> >> >>>>>them then to the orignal page they wanted.
    >> >> >>>>>
    >> >> >>>>>I know this can be done with Forms authentication.
    >> >> >>>>>
    >> >> >>>>>Thanks, Dave.
    >> >> >>>>>
    >> >> >>>>>
    >> >> >>>>>
    >> >> >>>>
    >> >> >>>>.
    >> >> >>>>
    >> >> >>>
    >> >> >>
    >> >> >>.
    >> >> >>
    >> >> >
    >> >

    >
    Jim Cheshire [MSFT], Dec 5, 2003
    #12
  13. Dave

    Eric Larsen Guest

    Jim

    I will post a message in a IIS group, but I think this is a ASP.NET
    problem. If I try and access a html file, the redirect works fine, it
    is only when I am trying to access an aspx file that I get the 401.3
    error page.

    Thanks,
    Eric

    (Jim Cheshire [MSFT]) wrote in message news:<>...
    > Eric,
    >
    > I'm afraid I don't know about that. I specialize in ASP.NET. You should
    > probably post in those groups.
    >
    > Jim Cheshire, MCSE, MCSD [MSFT]
    > Developer Support
    > ASP.NET
    >
    >
    > This post is provided as-is with no warranties and confers no rights.
    >
    > --------------------
    > >From: (Eric Larsen)
    > >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >Subject: Re: Redirect to default page using Windows Authentication
    > >Date: 5 Dec 2003 11:26:32 -0800
    > >Organization: http://groups.google.com
    > >Lines: 297
    > >Message-ID: <>
    > >References: <018001c3adf3$a0978a90$>

    > <>
    > <014601c3ae0c$9ff59be0$>
    > <>
    > <028901c3b2ce$e20a2a70$>
    > <>
    > <>
    > <wLpyg$>
    > >NNTP-Posting-Host: 167.218.156.230
    > >Content-Type: text/plain; charset=ISO-8859-1
    > >Content-Transfer-Encoding: 8bit
    > >X-Trace: posting.google.com 1070652392 15234 127.0.0.1 (5 Dec 2003

    > 19:26:32 GMT)
    > >X-Complaints-To:
    > >NNTP-Posting-Date: Fri, 5 Dec 2003 19:26:32 +0000 (UTC)
    > >Path:

    > cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
    > l.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!po
    > stnews1.google.com!not-for-mail
    > >Xref: cpmsftngxa07.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7785
    > >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >
    > >Jim
    > >
    > >Thanks for the response, but when I configure the Custom Errors for
    > >401;3 in IIS, I still get the the generic message instead of the file
    > >that I set it display. All the other 401 errors go to the file, so I
    > >can not figure out why IIS is not handling 401.3 the way it is setup
    > >for that HTTP Error.
    > >
    > >Thanks,
    > >Eric
    > >
    > > (Jim Cheshire [MSFT]) wrote in message

    > news:<wLpyg$>...
    > >> Eric,
    > >>
    > >> No, you cannot. IIS handles that before ASP.NET has the opportunity in

    > our
    > >> current architecture.
    > >>
    > >> Jim Cheshire, MCSE, MCSD [MSFT]
    > >> Developer Support
    > >> ASP.NET
    > >>
    > >>
    > >> This post is provided as-is with no warranties and confers no rights.
    > >>
    > >> --------------------
    > >> >From: (Eric Larsen)
    > >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >> >Subject: Re: Redirect to default page using Windows Authentication
    > >> >Date: 1 Dec 2003 12:58:26 -0800
    > >> >Organization: http://groups.google.com
    > >> >Lines: 238
    > >> >Message-ID: <>
    > >> >References: <018001c3adf3$a0978a90$>
    > >> <>
    > >> <014601c3ae0c$9ff59be0$>
    > >> <>
    > >> <028901c3b2ce$e20a2a70$>
    > >> <>
    > >> >NNTP-Posting-Host: 167.218.156.60
    > >> >Content-Type: text/plain; charset=ISO-8859-1
    > >> >Content-Transfer-Encoding: 8bit
    > >> >X-Trace: posting.google.com 1070312307 30279 127.0.0.1 (1 Dec 2003

    > 20:58:27 GMT)
    > >> >X-Complaints-To:
    > >> >NNTP-Posting-Date: Mon, 1 Dec 2003 20:58:27 +0000 (UTC)
    > >> >Path:
    > >>

    > cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
    > >>

    > e.de!peernews3.colt.net!news0.de.colt.net!eusc.inter.net!priapus.visi.com!ze
    > >>

    > us.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!ne
    > >> ws.level3.com!postnews1.google.com!not-for-mail
    > >> >Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7783
    > >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >> >
    > >> >Can you not redirect to a custom error page for 401 errors? I see you
    > >> >can redirect for the different 401 errors in IIS, but it does not seem
    > >> >to work for every case. It looks like the Error 401.3 is created by a
    > >> >.NET process. Is there a way to bypass .NET catching the error?
    > >> >
    > >> >Thanks,
    > >> >Eric
    > >> >
    > >> >
    > >> > (Jim Cheshire [MSFT]) wrote in message

    > news:<>...
    > >> >> Dave,
    > >> >>
    > >> >> You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is

    > that
    > >> >> only 403, 404, and 500 errors are valid for customErrors. We have

    > changed
    > >> >> that for the next version of ASP.NET, and you should be able to do

    > this
    > in
    > >> >> ASP.NET 2.0.
    > >> >>
    > >> >> Jim Cheshire, MCSE, MCSD [MSFT]
    > >> >> Developer Support
    > >> >> ASP.NET
    > >> >>
    > >> >>
    > >> >> This post is provided as-is with no warranties and confers no rights.
    > >> >>
    > >> >> --------------------
    > >> >> >Content-Class: urn:content-classes:message
    > >> >> >From: "Dave" <>
    > >> >> >Sender: "Dave" <>
    > >> >> >References: <018001c3adf3$a0978a90$>
    > >> >> <>
    > >> >> <014601c3ae0c$9ff59be0$>
    > >> >> <>
    > >> >> >Subject: RE: Redirect to default page using Windows Authentication
    > >> >> >Date: Mon, 24 Nov 2003 13:06:52 -0800
    > >> >> >Lines: 187
    > >> >> >Message-ID: <028901c3b2ce$e20a2a70$>
    > >> >> >MIME-Version: 1.0
    > >> >> >Content-Type: text/plain;
    > >> >> > charset="iso-8859-1"
    > >> >> >Content-Transfer-Encoding: 7bit
    > >> >> >X-Newsreader: Microsoft CDO for Windows 2000
    > >> >> >X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >> >> >Thread-Index: AcOyzuIHne+BPDTwSz+E4bMQPmPxpQ==
    > >> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > >> >> >Path: cpmsftngxa07.phx.gbl
    > >> >> >Xref: cpmsftngxa07.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7663
    > >> >> >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    > >> >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > >> >> >
    > >> >> >That's just it. I'm not sure where to trap that error.
    > >> >> >Initially I thought an HttpModule would be my only
    > >> >> >option, but I'm not even sure if the Http Request will
    > >> >> >get that far in the pipeline.
    > >> >> >
    > >> >> >The webserver may get intercept the request and return
    > >> >> >that error before I can do any type of redirect on the
    > >> >> >backend using asp.net.
    > >> >> >
    > >> >> >Dave.
    > >> >> >
    > >> >> >>-----Original Message-----
    > >> >> >>Dave,
    > >> >> >>
    > >> >> >>That's correct. There's no way around that. The way

    > wininet
    > >> >> >>authentication works is that if the resource you are

    > requesting does not
    > >> >> >>allow anonymous access, a 401 is sent back to the

    > browser. If the resource
    > >> >> >>is using Windows Integrated authentication and the

    > browser is configured to
    > >> >> >>automatically send credentials, the token is sent back

    > and the user is
    > >> >> >>authenticated. In the case of Basic authentication, a

    > login prompt is
    > >> >> >>displayed and the user must log in.
    > >> >> >>
    > >> >> >>If you intercept the 401 and redirect somewhere, you

    > hijack the browser's
    > >> >> >>ability to challenge. There is no way around that.
    > >> >> >>
    > >> >> >>Jim Cheshire, MCSE, MCSD [MSFT]
    > >> >> >>Developer Support
    > >> >> >>ASP.NET
    > >> >> >>
    > >> >> >>
    > >> >> >>This post is provided as-is with no warranties and

    > confers no rights.
    > >> >> >>
    > >> >> >>--------------------
    > >> >> >>>Content-Class: urn:content-classes:message
    > >> >> >>>From: "Dave" <>
    > >> >> >>>Sender: "Dave" <>
    > >> >> >>>References: <018001c3adf3$a0978a90$>

    > <>
    > >> >> >>>Subject: RE: Redirect to default page using Windows

    > Authentication
    > >> >> >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
    > >> >> >>>Lines: 104
    > >> >> >>>Message-ID: <014601c3ae0c$9ff59be0$>
    > >> >> >>>MIME-Version: 1.0
    > >> >> >>>Content-Type: text/plain;
    > >> >> >>> charset="iso-8859-1"
    > >> >> >>>Content-Transfer-Encoding: 7bit
    > >> >> >>>X-Newsreader: Microsoft CDO for Windows 2000
    > >> >> >>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    > >> >> >>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
    > >> >> >>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >> >>>Path: cpmsftngxa06.phx.gbl
    > >> >> >>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7618
    > >> >> >>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
    > >> >> >>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >> >>>
    > >> >> >>>Jim,
    > >> >> >>>
    > >> >> >>>Thanks for the response. I guess I'm not following
    > >> >> >>>where I would run the code you mentioned other than the
    > >> >> >>>global.asax.
    > >> >> >>>
    > >> >> >>>I have the following code in there now...
    > >> >> >>>
    > >> >> >>>protected void Application_AuthenticateRequest(Object
    > >> >> >>>sender, EventArgs e)
    > >> >> >>> {
    > >> >> >>>if ((Request.CurrentExecutionFilePath !
    > >> >> >>>= "/MyApp/Index.aspx") &&

    > (User.Identity.IsAuthenticated
    > >> >> >>>== false))
    > >> >> >>> {
    > >> >> >>> Response.Redirect("Index.aspx");
    > >> >> >>> }
    > >> >> >>>}
    > >> >> >>>
    > >> >> >>>This works on the first attempt to view a page other

    > than
    > >> >> >>>index.aspx but when I try to click on a link that goes

    > to
    > >> >> >>>a page secured by Basic Auth., the code above gets

    > fired
    > >> >> >>>again and redirects me back to index.aspx. I don't

    > have
    > >> >> >>>a chance to enter the login credentials.
    > >> >> >>>
    > >> >> >>>Dave.
    > >> >> >>>
    > >> >> >>>>-----Original Message-----
    > >> >> >>>>Dave,
    > >> >> >>>>
    > >> >> >>>>You would have to redirect on the 401 response. As
    > >> >> long
    > >> >> as the connection
    > >> >> >>>>with IIS is still held in cache (and it should be),
    > >> >> this
    > >> >> should work fine.
    > >> >> >>>>(I haven't tested it, so don't hold me to it.)
    > >> >> >>>>
    > >> >> >>>>It would look something like this:
    > >> >> >>>>
    > >> >> >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
    > >> >> >>>>{
    > >> >> >>>> Response.Redirect('login.aspx');
    > >> >> >>>>}
    > >> >> >>>>
    > >> >> >>>>Jim Cheshire, MCSE, MCSD [MSFT]
    > >> >> >>>>Developer Support
    > >> >> >>>>ASP.NET
    > >> >> >>>>
    > >> >> >>>>
    > >> >> >>>>This post is provided as-is with no warranties and

    > confers no rights.
    > >> >> >>>>
    > >> >> >>>>
    > >> >> >>>>--------------------
    > >> >> >>>>>Content-Class: urn:content-classes:message
    > >> >> >>>>>From: "Dave" <>
    > >> >> >>>>>Sender: "Dave" <>
    > >> >> >>>>>Subject: Redirect to default page using Windows

    > Authentication
    > >> >> >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
    > >> >> >>>>>Lines: 22
    > >> >> >>>>>Message-ID: <018001c3adf3$a0978a90$>
    > >> >> >>>>>MIME-Version: 1.0
    > >> >> >>>>>Content-Type: text/plain;
    > >> >> >>>>> charset="iso-8859-1"
    > >> >> >>>>>Content-Transfer-Encoding: 7bit
    > >> >> >>>>>X-Newsreader: Microsoft CDO for Windows 2000
    > >> >> >>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
    > >> >> >>>>>X-MimeOLE: Produced By Microsoft MimeOLE

    > V5.50.4910.0300
    > >> >> >>>>>Newsgroups:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >> >>>>>Path: cpmsftngxa06.phx.gbl
    > >> >> >>>>>Xref: cpmsftngxa06.phx.gbl

    > microsoft.public.dotnet.framework.aspnet.security:7614
    > >> >> >>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    > >> >> >>>>>X-Tomcat-NG:

    > microsoft.public.dotnet.framework.aspnet.security
    > >> >> >>>>>
    > >> >> >>>>>Hi,
    > >> >> >>>>>
    > >> >> >>>>>Is there a way to redirect the user to a default,
    > >> >> >>>>>anonymous, welcome or "splash" page for our

    > application
    > >> >> >>>>>when using Windows authentication with Basic enabled?
    > >> >> >>>>>
    > >> >> >>>>>In other words, if a user attempts to access a

    > secured
    > >> >> >>>>>page directly the first time, they will be redirected

    > to
    > >> >> >>>>>the application's main entry point.
    > >> >> >>>>>
    > >> >> >>>>>I know this defeats the purpose of

    > setting "Favorites"
    > >> >> >>>>>but we want to have updates, news, instructions, etc

    > on
    > >> >> >>>>>this anonymous welcome page so the user can see this
    > >> >> >>>>>information. It will then have a link or button that
    > >> >> >>>>>states "Click here to login". Ideally, it would take
    > >> >> >>>>>them then to the orignal page they wanted.
    > >> >> >>>>>
    > >> >> >>>>>I know this can be done with Forms authentication.
    > >> >> >>>>>
    > >> >> >>>>>Thanks, Dave.
    > >> >> >>>>>
    > >> >> >>>>>
    > >> >> >>>>>
    > >> >> >>>>
    > >> >> >>>>.
    > >> >> >>>>
    > >> >> >>>
    > >> >> >>
    > >> >> >>.
    > >> >> >>
    > >> >> >
    > >> >

    > >
    Eric Larsen, Dec 10, 2003
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave
    Replies:
    4
    Views:
    771
  2. =?Utf-8?B?VHJveQ==?=

    Response.redirect does not redirect from .aspx page

    =?Utf-8?B?VHJveQ==?=, Oct 18, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    5,221
    Srowe1975
    Oct 15, 2008
  3. savvy
    Replies:
    8
    Views:
    22,761
    kamer
    Nov 18, 2006
  4. Sal
    Replies:
    1
    Views:
    380
  5. Ketan Shah
    Replies:
    1
    Views:
    131
    JIGNESH
    Oct 25, 2007
Loading...

Share This Page