Re: Optional Authentication?

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/29/04 

Date: Sun, 29 Aug 2004 15:48:43 +1000

The problem with using a custom 401 error page is that most browsers will
never display this - when they encounter a 401 status code, then popup a
login dialogue box. You would need something in your application that is
able to detect a 401 status, and then reset the status to something else (eg
200 OK). You can do this in ASP.NET relatively easily.

Cheers
Ken

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41341ac7.309986637@msnews.microsoft.com...
> You might be able to cobble something up through a custom error page
> though. Maybe a 401.1 custom page that presented options for users
> who didn't authenticate and then the standard page for those who do.
> I'm not sure I'd choose that route over a custom authentication scheme
> and not using Windows accounts, but it might work.
>
> Jeff
>
> On Fri, 27 Aug 2004 11:27:54 +1000, "Ken Schaefer"
> <kenREMOVE@THISadOpenStatic.com> wrote:
>
>>As far as I know, this is not possible to do with IIS & HTTP based
>>authentication methods (Basic, Digest etc). This is not a function of IIS,
>>but a function of how HTTP works.
>>
>>You could either write your own application layer authentication system
>>(eg
>>using ASP.NET, or PHP or whatever programming environment you are using),
>>or
>>you might be able to use an ISAPI filter for this (the ISAPI filter would
>>trick IIS into thinking that some default credentials had been sent by the
>>client in the case that the client doesn't send anything).
>>
>>Cheers
>>Ken
>>
>>"wllmundrwd" <wllmundrwd@discussions.microsoft.com> wrote in message
>>news:E4A2EFA3-E3E7-4289-9F4F-1C52FB41D711@microsoft.com...
>>> Hello,
>>> I'd like to enable "optional" authentication for a directory. When a
>>> browser first visits (per session) the directory, they should be
>>> prompted
>>> for
>>> authentication, and be able to cancel the sign in for anonymous access.
>>> Provided that they authenticate, the scripts will present different
>>> options
>>> for the user. I do not have the guest account on my domain enabled, and
>>> I
>>> would like to keep it that way...
>>>
>>> Thanks,
>>> William
>>
>

Relevant Pages

  • RE: Membership Provider Woes
    ... in forms authentication context. ... how do I actually store the custom information? ... limited by the natural of cookie. ... Doens't the membership provider set a forms auth cookie for me ...
    (microsoft.public.dotnet.framework.aspnet)
  • Forms authentication in a subfolder problem, please help
    ... When I create forms authentication at root level it works but when I move my ... <!-- CUSTOM ERROR MESSAGES ... Application-level tracing enables trace log output for every page ... private void Page_Load ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: * * * C# Application and Database Security Model * * *
    ... I've noticded that your main concern here is to provide security ... If you're going to do authentication and authorization against windows ... authenticate user against custom security account database and authroize ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.languages.csharp)
  • Runtime error when customErrors are Off
    ... "On" Always display custom messages. ... This section sets the authentication policies of the application. ... Application-level tracing enables trace log output for every page ... <!-- SESSION STATE SETTINGS ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Membership Provider Woes
    ... perform forms authentication in your ASP.NET web application. ... you also want to add additional custom datainto the ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
Quantcast