B
Bigtoga
Currently I have succesfully implemented role-based folder security using
roles and web.config in each folder. This works great - if a user is not
authenticated or a member of an allowed role, that user cannot access the
resource (woohoo!). When the disallowed user tries to access the resource,
it redirects them to a login page.
What I want is that, when an unauthorized user tries to access a secure
resource, I want it to raise a 401 error (which would then call my 401
customer error page).
Can I do this?
In my web.config for the application, I have:
<forms name="Auth" loginUrl="login.aspx" protection="All" path="/"/>
If the user fails, it auto-redirects to login.aspx.
I tried this:
<forms name="Auth" protection="All" path="/"/> <!-- loginUrl omitted-->
And rebuilt then restarted the webserver - same thing.
How can I set it up so that unathorized requests raise a 403 error? i have
this in web.config as well...
<customErrors mode="On" defaultRedirect="/errors/404.aspx">
<error statusCode="400" redirect="/errors/400.aspx"/><!--400 (Bad
Request)-->
<error statusCode="401" redirect="/errors/401.aspx"/><!--401
(Unauthorized)-->
<error statusCode="403" redirect="/errors/403.aspx"/><!--403 (Forbidden)-->
<error statusCode="404" redirect="/errors/404.aspx"/><!--404 (Not Found)-->
<error statusCode="500" redirect="/errors/500.aspx"/><!--500 (Internal
Server Error)-->
</customErrors>
roles and web.config in each folder. This works great - if a user is not
authenticated or a member of an allowed role, that user cannot access the
resource (woohoo!). When the disallowed user tries to access the resource,
it redirects them to a login page.
What I want is that, when an unauthorized user tries to access a secure
resource, I want it to raise a 401 error (which would then call my 401
customer error page).
Can I do this?
In my web.config for the application, I have:
<forms name="Auth" loginUrl="login.aspx" protection="All" path="/"/>
If the user fails, it auto-redirects to login.aspx.
I tried this:
<forms name="Auth" protection="All" path="/"/> <!-- loginUrl omitted-->
And rebuilt then restarted the webserver - same thing.
How can I set it up so that unathorized requests raise a 403 error? i have
this in web.config as well...
<customErrors mode="On" defaultRedirect="/errors/404.aspx">
<error statusCode="400" redirect="/errors/400.aspx"/><!--400 (Bad
Request)-->
<error statusCode="401" redirect="/errors/401.aspx"/><!--401
(Unauthorized)-->
<error statusCode="403" redirect="/errors/403.aspx"/><!--403 (Forbidden)-->
<error statusCode="404" redirect="/errors/404.aspx"/><!--404 (Not Found)-->
<error statusCode="500" redirect="/errors/500.aspx"/><!--500 (Internal
Server Error)-->
</customErrors>