RE: Redirect when User is Unauthorized



because the 401 is used to trigger the IIS authentication handshake (e.g. displaying the login box in IE) - thus it has to percolate up to IIS and cannot be catched in ASP.NET...


---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Why not by doing this ?

<configuration>
<system.web>
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly">
<error statusCode="401"
redirect="InternalError.htm"/>
</customErrors>
</system.web>
</configuration>
"Dominick Baier" wrote:

you cannot catch 401s with the <customErrrors> element - write a
handler for EndRequest in global.asax and check for a 401 status code
AND that the user is authenticated (Request.IsAuthenticated) - then
do the redirect manually

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
hi, try this

<customErrors
defaultRedirect="http://hostName/applicationName/errorStatus.htm";
mode="On"> </customErrors>

regards
serge
MCAD.NET
"David" wrote:
Hello,

I am using Windows Authentication and Role based authorization to
secure my web application. I would like to redirect to an
Unauthorized page if a user tries to access the web site and does
not have the proper credentials. I first tried adding a section to
the customErrors web.config for the statusCode of 401. However,
this did not work as I am still receiving the default asp.net
access denied page. Is there any way to display a custom page
instead of the default asp.net page when authorization fails?

If it matters, I am using Visual Studio 2005 (ASP.NET 2.0) and
Windows Server 2003.

Any thoughts or suggestions would be appreciated.

Thanks!

David.



.