Sending Status as 401.1

[Guest]

We are trying to refuse data display to users based on some internal criteria. The site uses Basic Authentication for security.

Through ASP.NET we can send a status of 401. The request to our site comes from an application that understands the HTTP protocol.

If we send 401, the requsting application comes back to our application with the same user credentials. I read somewhere that 401 does not "exactly" mean access denied. The exact status code is 401.1 or 401.2.

The Status property of the Response object is an "int" - how can we send something like 401.1 or 401.2 from ASP.NET????

Thanks

 

[Martin Dechev]

Hi, Dhwanil Shah,

I don't understand what you mean by this:

If we send 401, the requsting application comes back to our application

with the same user credentials.

Do they have a collection of user credentials? Normally every user has one
set of credentials and if the authentication fails that user can't use the
service.

Anyway, here is the list of custom error messages you might try to send:

http://msdn.microsoft.com/library/en-us/iissdk/iis/customerrormessagesreference.asp

I havent tested it, but you can try to send:

Response.Status = "401.2 Unauthorized: Access is denied due to server
configuration favoring an alternate authentication method.";

Most likely it will throw an HttpException "Status is set to an invalid
status code." though.

Greetings
Martin

 

[Guest]

Hi

I just need to send the value of 401.1 or 401.2 in Response.Status property. The Response.Status property is an int value i.e. I can only send 401 or 200 i.e. full numbers - no decimals allowed

How can I send an HTTP status code of 401.1 or 401.2 from ASP.NET

Thanks & Regard
Dhwanil Shah

 

[Thomas Johansen]

Hi, Dhwanil,

I have not tested this, but you might want to try setting Response.Status to
4011 or 4012.

 

[Martin Dechev]

Hi, Dhwanil Shah,

The property Status on the System.Web.HttpResponse class is of type System
String:

http://msdn.microsoft.com/library/en-us/cpref/html/frlrfSystemWebHttpResponseClassStatusTopic.asp

Anyway, it will throw HttpException "HTTP status string is not valid." if
you try to set it to a custom status code + status message combination.

Greetings
Martin

Hi,

I just need to send the value of 401.1 or 401.2 in Response.Status

property. The Response.Status property is an int value i.e. I can only send
401 or 200 i.e. full numbers - no decimals allowed.

 

[Guest]

Thanks

I will check that ou

Regard
Dhwanil Shah

 

[Guest]

Martin

Sorry, I think we need to set StatusCode rather then the Status property.

I am not sure if sending a status code of 401 and Status i.e. description as 401.2 Access Denied will work or not. Also not sure whether .NET Framework will sync the description and the code.... will check out the lead anyway

Thanks
Dhwanil

 

[Eric Lawrence [MSFT]]

Please note that there is no such thing as a 401.1 when it comes to the HTTP
headers themselves. (Watch using a network sniffer to confirm for
yourself).

When you see a 401.1 in IE, what's really happening is that IIS is sending
down a HTTP/401 error code in that HTTP Result, but the body text provides
the additional information you're seeing that claims it's really a 401.1

--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.

We are trying to refuse data display to users based on some internal

criteria. The site uses Basic Authentication for security.

Through ASP.NET we can send a status of 401. The request to our site comes

from an application that understands the HTTP protocol.

If we send 401, the requsting application comes back to our application

with the same user credentials. I read somewhere that 401 does not "exactly"
mean access denied. The exact status code is 401.1 or 401.2.

The Status property of the Response object is an "int" - how can we send

something like 401.1 or 401.2 from ASP.NET????

 

[Fixme]

SubStatusCode

Provided you're using .NET Framework 2.0 with SP1 or later, what you want is the SubStatusCode property. Check it out here:

http://msdn.microsoft.com/en-us/library/system.web.httpresponse.substatuscode.aspx

You're welcome.