Re: URL Authorzation Problem

From: jfer (nicemonitor_at_hotmail.com)
Date: 08/20/05

• Next message: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Previous message: Gary Chang[MSFT]: "RE: security steps to allow webservice to run exe"
• In reply to: Dominick Baier [DevelopMentor]: "Re: URL Authorzation Problem"
• Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Reply: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 20 Aug 2005 09:19:22 -0700

Hi Dominick thanks for the reply.

The problem is not that I need two redirect URL's the problem is that
when a user who is authenticated tries to access a resource they are
not authorized to access an access denied page is not provided from IIS
(instead it seems to try over and over to reauthenticate and redirect
which results in the endless loop). I notice IIS has an error page
associated with error code 401.7 which is for access denied because of
URL authorization. Why isn't this page shown? Maybe I have to trap
the event when a response of 401.7 goes out and redirect the user to an
appropriate page? This is ridiculous. I can't believe no one has
complained about URL authorization via forms authentication before.
I invite anyone to setup an application with forms auth and restrict
access to a particular folder or resource. Then try to surf to that
url. You will not get an access denied page, instead forms auth will
continually try to reauthenticate you in hopes of gaining new
credentials which will allow you access (this HAS to be a bug)!
Note that when you set all this up and use Integrated Windows
Authentication with URL Authorization, unauthorized users will see a
nice access denied page from IIS.

Again any insight appreciated!

• Next message: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Previous message: Gary Chang[MSFT]: "RE: security steps to allow webservice to run exe"
• In reply to: Dominick Baier [DevelopMentor]: "Re: URL Authorzation Problem"
• Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Reply: Joe Kaplan \(MVP - ADSI\): "Re: URL Authorzation Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: URL Authorzation Problem ... > not authorized to access an access denied page is not provided from IIS ... > (instead it seems to try over and over to reauthenticate and redirect ... > complained about URL authorization via forms authentication before. ... (microsoft.public.dotnet.framework.aspnet.security) RE: Redirect to default page using Windows Authentication ... authentication works is that if the resource you are requesting does not ... is using Windows Integrated authentication and the browser is configured to ... If you intercept the 401 and redirect somewhere, ... >>You would have to redirect on the 401 response. ... (microsoft.public.dotnet.framework.aspnet.security) PHP request page redirect ... Does anyone know a code to handle page redirect for authentication. ... first time requesting that resource they get redirected to /login.php page. ... (php.general) Re: Forms Based Authentication and the OpenWave Browsers ... Try taking this redirect out of the try...catch; ... > Authentication in cookie enabled WAP browsers. ... > Samsung Browser, Forms Authentication and RedirectFromLoginPage - This is ... > Open Wave Browser and Cookies - While regression testing my new change, ... (microsoft.public.dotnet.framework.aspnet.security) Re: redirect http to https for virtual directories ... at the URL and if it comes over "80" redirect to ... Enable anonymous access and unchecked the Require SSL ... If proper authentication is provided, ... custom error not handling http to https redirects ... (microsoft.public.inetserver.iis)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint