Redirect Unauthorized Access

Discussion in 'ASP .Net' started by Evan M., May 23, 2007.

  1. Evan M.

    Evan M. Guest

    I've got an ASP.NET application that's using Windows authentication
    with Integrated Windows authentication turned on to manage access.

    Access to the web app should be restricted to only a couple AD Groups,
    and I'm trying to get anybody else that tries to access the
    application to be redirected to a friendly error page. However, I've
    only been able to get a generic ASP.NET error page (401.2) to be
    displayed.

    I've tried getting it set up in web.config, but no matter what I do,
    it doesn't seem to work.

    The only option I've seen so far is to remove the authorization
    information from web.config, and instead use Global.asax with the
    following handler:
    void Application_AuthenticateRequest(Object sender, EventArgs e) {
    String AuthURL = "/AccessDenied.aspx";
    if (!User.IsInRole("Domain\UserGroup")
    && Request.FilePath != AuthURL)
    {
    Server.Transfer(AuthURL);
    }
    }

    Is there something that I'm missing?
    Evan
     
    Evan M., May 23, 2007
    #1
    1. Advertising

  2. Evan M.

    bruce barker Guest

    browser access is pretty simple. the browser asks for a url, if access
    is denied, the web server returns 401 with a list of authentication
    methods. the browser is free to try again as many times as it wants with
    different credentials.

    your approach is the correct one.

    -- bruce (sqlwork.com)


    Evan M. wrote:
    > I've got an ASP.NET application that's using Windows authentication
    > with Integrated Windows authentication turned on to manage access.
    >
    > Access to the web app should be restricted to only a couple AD Groups,
    > and I'm trying to get anybody else that tries to access the
    > application to be redirected to a friendly error page. However, I've
    > only been able to get a generic ASP.NET error page (401.2) to be
    > displayed.
    >
    > I've tried getting it set up in web.config, but no matter what I do,
    > it doesn't seem to work.
    >
    > The only option I've seen so far is to remove the authorization
    > information from web.config, and instead use Global.asax with the
    > following handler:
    > void Application_AuthenticateRequest(Object sender, EventArgs e) {
    > String AuthURL = "/AccessDenied.aspx";
    > if (!User.IsInRole("Domain\UserGroup")
    > && Request.FilePath != AuthURL)
    > {
    > Server.Transfer(AuthURL);
    > }
    > }
    >
    > Is there something that I'm missing?
    > Evan
    >
     
    bruce barker, May 23, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Unauthorized Access

    , Oct 7, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    421
    cbDevelopment
    Nov 13, 2005
  2. BJ Lap
    Replies:
    2
    Views:
    573
    BJ Lap
    Nov 20, 2005
  3. =?Utf-8?B?UGF1bA==?=

    System.Unauthorized.Access.Exception

    =?Utf-8?B?UGF1bA==?=, Jan 19, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    6,716
    cbDevelopment
    Mar 13, 2006
  4. Diane Y
    Replies:
    1
    Views:
    225
    do u find solution
    Mar 28, 2006
  5. Sal
    Replies:
    1
    Views:
    549
Loading...

Share This Page