Can I force 401 error when user not authenticated?

From: Bigtoga (bigtoga_at_maratrane.com)
Date: 04/23/04 

Date: Fri, 23 Apr 2004 14:30:57 GMT

Currently I have succesfully implemented role-based folder security using
roles and web.config in each folder. This works great - if a user is not
authenticated or a member of an allowed role, that user cannot access the
resource (woohoo!). When the disallowed user tries to access the resource,
it redirects them to a login page.

What I want is that, when an unauthorized user tries to access a secure
resource, I want it to raise a 401 error (which would then call my 401
customer error page).

Can I do this?

In my web.config for the application, I have:

<forms name="Auth" loginUrl="login.aspx" protection="All" path="/"/>

If the user fails, it auto-redirects to login.aspx.

I tried this:

<forms name="Auth" protection="All" path="/"/> <!-- loginUrl omitted-->

And rebuilt then restarted the webserver - same thing.

How can I set it up so that unathorized requests raise a 403 error? i have
this in web.config as well...

<customErrors mode="On" defaultRedirect="/errors/404.aspx">

<error statusCode="400" redirect="/errors/400.aspx"/><!--400 (Bad
Request)-->

<error statusCode="401" redirect="/errors/401.aspx"/><!--401
(Unauthorized)-->

<error statusCode="403" redirect="/errors/403.aspx"/><!--403 (Forbidden)-->

<error statusCode="404" redirect="/errors/404.aspx"/><!--404 (Not Found)-->

<error statusCode="500" redirect="/errors/500.aspx"/><!--500 (Internal
Server Error)-->

</customErrors>

Quantcast