RE: Redirect to default page using Windows Authentication

From: Dave (anonymous_at_discussions.microsoft.com)
Date: 11/24/03 

Date: Mon, 24 Nov 2003 13:06:52 -0800

That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may get intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

>-----Original Message-----
>Dave,
>
>That's correct. There's no way around that. The way
wininet
>authentication works is that if the resource you are
requesting does not
>allow anonymous access, a 401 is sent back to the
browser. If the resource
>is using Windows Integrated authentication and the
browser is configured to
>automatically send credentials, the token is sent back
and the user is
>authenticated. In the case of Basic authentication, a
login prompt is
>displayed and the user must log in.
>
>If you intercept the 401 and redirect somewhere, you
hijack the browser's
>ability to challenge. There is no way around that.
>
>Jim Cheshire, MCSE, MCSD [MSFT]
>Developer Support
>ASP.NET
>jamesche@online.microsoft.com
>
>This post is provided as-is with no warranties and
confers no rights.
>
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "Dave" <anonymous@discussions.microsoft.com>
>>Sender: "Dave" <anonymous@discussions.microsoft.com>
>>References: <018001c3adf3$a0978a90$a101280a@phx.gbl>
><6CkFOwfrDHA.2464@cpmsftngxa06.phx.gbl>
>>Subject: RE: Redirect to default page using Windows
Authentication
>>Date: Tue, 18 Nov 2003 11:46:14 -0800
>>Lines: 104
>>Message-ID: <014601c3ae0c$9ff59be0$a501280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Thread-Index: AcOuDJ/1n4uo2nCoQJyNrXRXUzhJ9Q==
>>Newsgroups:
microsoft.public.dotnet.framework.aspnet.security
>>Path: cpmsftngxa06.phx.gbl
>>Xref: cpmsftngxa06.phx.gbl
>microsoft.public.dotnet.framework.aspnet.security:7618
>>NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
>>X-Tomcat-NG:
microsoft.public.dotnet.framework.aspnet.security
>>
>>Jim,
>>
>>Thanks for the response. I guess I'm not following
>>where I would run the code you mentioned other than the
>>global.asax.
>>
>>I have the following code in there now...
>>
>>protected void Application_AuthenticateRequest(Object
>>sender, EventArgs e)
>> {
>>if ((Request.CurrentExecutionFilePath !
>>= "/MyApp/Index.aspx") &&
(User.Identity.IsAuthenticated
>>== false))
>> {
>> Response.Redirect("Index.aspx");
>> }
>>}
>>
>>This works on the first attempt to view a page other
than
>>index.aspx but when I try to click on a link that goes
to
>>a page secured by Basic Auth., the code above gets
fired
>>again and redirects me back to index.aspx. I don't
have
>>a chance to enter the login credentials.
>>
>>Dave.
>>
>>>-----Original Message-----
>>>Dave,
>>>
>>>You would have to redirect on the 401 response. As
long
>>as the connection
>>>with IIS is still held in cache (and it should be),
this
>>should work fine.
>>>(I haven't tested it, so don't hold me to it.)
>>>
>>>It would look something like this:
>>>
>>>if (HttpResponse.Status == '401 ACCESS DENIED')
>>>{
>>> Response.Redirect('login.aspx');
>>>}
>>>
>>>Jim Cheshire, MCSE, MCSD [MSFT]
>>>Developer Support
>>>ASP.NET
>>>jamesche@online.microsoft.com
>>>
>>>This post is provided as-is with no warranties and
>>confers no rights.
>>>
>>>
>>>--------------------
>>>>Content-Class: urn:content-classes:message
>>>>From: "Dave" <anonymous@discussions.microsoft.com>
>>>>Sender: "Dave" <anonymous@discussions.microsoft.com>
>>>>Subject: Redirect to default page using Windows
>>Authentication
>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
>>>>Lines: 22
>>>>Message-ID: <018001c3adf3$a0978a90$a101280a@phx.gbl>
>>>>MIME-Version: 1.0
>>>>Content-Type: text/plain;
>>>> charset="iso-8859-1"
>>>>Content-Transfer-Encoding: 7bit
>>>>X-Newsreader: Microsoft CDO for Windows 2000
>>>>Thread-Index: AcOt86CVOxfr0qBrQki1cS1gMBOKEA==
>>>>X-MimeOLE: Produced By Microsoft MimeOLE
V5.50.4910.0300
>>>>Newsgroups:
>>microsoft.public.dotnet.framework.aspnet.security
>>>>Path: cpmsftngxa06.phx.gbl
>>>>Xref: cpmsftngxa06.phx.gbl
>>>microsoft.public.dotnet.framework.aspnet.security:7614
>>>>NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
>>>>X-Tomcat-NG:
>>microsoft.public.dotnet.framework.aspnet.security
>>>>
>>>>Hi,
>>>>
>>>>Is there a way to redirect the user to a default,
>>>>anonymous, welcome or "splash" page for our
application
>>>>when using Windows authentication with Basic enabled?
>>>>
>>>>In other words, if a user attempts to access a
secured
>>>>page directly the first time, they will be redirected
>>to
>>>>the application's main entry point.
>>>>
>>>>I know this defeats the purpose of
setting "Favorites"
>>>>but we want to have updates, news, instructions, etc
on
>>>>this anonymous welcome page so the user can see this
>>>>information. It will then have a link or button that
>>>>states "Click here to login". Ideally, it would take
>>>>them then to the orignal page they wanted.
>>>>
>>>>I know this can be done with Forms authentication.
>>>>
>>>>Thanks, Dave.
>>>>
>>>>
>>>>
>>>
>>>.
>>>
>>
>
>.
>