RE: Redirect to default page using Windows Authentication

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 11/24/03


Date: Mon, 24 Nov 2003 21:39:22 GMT

Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Dave" <anonymous@discussions.microsoft.com>
>Subject: RE: Redirect to default page using Windows Authentication
>Date: Mon, 24 Nov 2003 13:06:52 -0800
>
>That's just it. I'm not sure where to trap that error.
>Initially I thought an HttpModule would be my only
>option, but I'm not even sure if the Http Request will
>get that far in the pipeline.
>
>The webserver may intercept the request and return
>that error before I can do any type of redirect on the
>backend using asp.net.
>
>Dave.
>
>>-----Original Message-----
>>Dave,
>>
>>That's correct. There's no way around that. The way wininet
>>authentication works is that if the resource you are requesting does not
>>allow anonymous access, a 401 is sent back to the browser. If the resource
>>is using Windows Integrated authentication and the browser is configured to
>>automatically send credentials, the token is sent back and the user is
>>authenticated. In the case of Basic authentication, a login prompt is
>>displayed and the user must log in.
>>
>>If you intercept the 401 and redirect somewhere, you hijack the browser's
>>ability to challenge. There is no way around that.
>>
>>Jim Cheshire, MCSE, MCSD [MSFT]
>>Developer Support
>>ASP.NET
>>jamesche@online.microsoft.com
>>
>>This post is provided as-is with no warranties and confers no rights.
>>
>>--------------------
>>>From: "Dave" <anonymous@discussions.microsoft.com>
>>>Subject: RE: Redirect to default page using Windows Authentication
>>>Date: Tue, 18 Nov 2003 11:46:14 -0800
>>>
>>>Jim,
>>>
>>>Thanks for the response. I guess I'm not following
>>>where I would run the code you mentioned other than the
>>>global.asax.
>>>
>>>I have the following code in there now...
>>>
>>>protected void Application_AuthenticateRequest(Object sender, EventArgs e)
>>>{
>>>    if ((Request.CurrentExecutionFilePath != "/MyApp/Index.aspx") &&
>>>        (User.Identity.IsAuthenticated == false))
>>>    {
>>>        Response.Redirect("Index.aspx");
>>>    }
>>>}
>>>
>>>This works on the first attempt to view a page other than
>>>index.aspx but when I try to click on a link that goes to
>>>a page secured by Basic Auth., the code above gets fired
>>>again and redirects me back to index.aspx. I don't have
>>>a chance to enter the login credentials.
>>>
>>>Dave.
>>>
>>>>-----Original Message-----
>>>>Dave,
>>>>
>>>>You would have to redirect on the 401 response. As long as the connection
>>>>with IIS is still held in cache (and it should be), this should work fine.
>>>>(I haven't tested it, so don't hold me to it.)
>>>>
>>>>It would look something like this:
>>>>
>>>>if (Response.StatusCode == 401)
>>>>{
>>>>    Response.Redirect("login.aspx");
>>>>}
>>>>
>>>>Jim Cheshire, MCSE, MCSD [MSFT]
>>>>Developer Support
>>>>ASP.NET
>>>>jamesche@online.microsoft.com
>>>>
>>>>This post is provided as-is with no warranties and confers no rights.
>>>>
>>>>
>>>>--------------------
>>>>>From: "Dave" <anonymous@discussions.microsoft.com>
>>>>>Subject: Redirect to default page using Windows Authentication
>>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
>>>>>
>>>>>Hi,
>>>>>
>>>>>Is there a way to redirect the user to a default,
>>>>>anonymous, welcome or "splash" page for our application
>>>>>when using Windows authentication with Basic enabled?
>>>>>
>>>>>In other words, if a user attempts to access a secured
>>>>>page directly the first time, they will be redirected to
>>>>>the application's main entry point.
>>>>>
>>>>>I know this defeats the purpose of setting "Favorites"
>>>>>but we want to have updates, news, instructions, etc. on
>>>>>this anonymous welcome page so the user can see this
>>>>>information. It will then have a link or button that
>>>>>states "Click here to login". Ideally, it would take
>>>>>them then to the original page they wanted.
>>>>>
>>>>>I know this can be done with Forms authentication.
>>>>>
>>>>>Thanks, Dave.
>
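
The 401 challenge exchange discussed in this thread, modelled in-process as an added example (not code from any of the posts): it shows that a Basic login only happens when the browser actually receives the 401, and that replacing the 401 with a redirect leaves the page protected but the user unable to log in. The account, the `Reports.aspx` path and the realm name are constructed for illustration.

```python
import base64

USERS = {"dave": "s3cret"}        # constructed sample account
PUBLIC = {"/MyApp/Index.aspx"}    # anonymous splash page named in the thread

def server(path, headers, redirect_unauthenticated):
    """Handle one request; return (status, response_headers)."""
    user = None
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        name, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        if USERS.get(name) == pw:
            user = name
    if path in PUBLIC or user is not None:
        return 200, {}
    if redirect_unauthenticated:
        # Same effect as the Application_AuthenticateRequest redirect quoted
        # above: the 401 is replaced by a 302 and never reaches the browser.
        return 302, {"Location": "/MyApp/Index.aspx"}
    return 401, {"WWW-Authenticate": 'Basic realm="MyApp"'}

def browser_get(path, credentials, redirect_unauthenticated, max_hops=5):
    """Fetch path as a browser would; return the trace of (path, status)."""
    trace, headers = [], {}
    for _ in range(max_hops):
        status, resp = server(path, headers, redirect_unauthenticated)
        trace.append((path, status))
        if status == 401 and "Authorization" not in headers:
            # Only a 401 carrying WWW-Authenticate makes the browser prompt
            # for credentials and retry the same URL.
            token = base64.b64encode(":".join(credentials).encode()).decode()
            headers = {"Authorization": "Basic " + token}
        elif status == 302:
            path = resp["Location"]
        else:
            break
    return trace

if __name__ == "__main__":
    page, creds = "/MyApp/Reports.aspx", ("dave", "s3cret")
    print("challenge allowed :", browser_get(page, creds, False))
    print("401 turned to 302 :", browser_get(page, creds, True))
```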