Re: Intranet Security
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 20 May 2007 14:39:39 +1000
You need to write some code so that a 401 (Unauthorized) is not sent to the browser.
In the current situation, IIS is detecting that the user doesn't have permissions to the page, and is sending a HTTP 401 response back. It is then up to the browser to decide what to do. By default a browser will put up a credentials dialogue allowing the user to supply alternate credentials that might be acceptable (which is useful in case the user ever made a typo in their password, or they need to use alternate credentials).
In your case, you need to override this 401 response, and send back something else (e.g. 200 OK) and the HTML content you want to display.
You can certainly customise the 401 error page itself, but it is up to the browser to decide whether to display this or not. By default, most browsers will allow the user 3 goes at the password before they will display your custom 401 page.
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"Spechty" <Spechty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:CF680942-0D75-440E-8104-6934386DDC80@xxxxxxxxxxxxxxxx
I have a test intranet site set up. I have IIS set for Integrated Security.
IIS server is in a domain. and only domain PCs will access the intranet.
the URL is http:\\Intranet.
I have NTFS settings on the folders for the site. I have several folders
that only specific users/groups who will only be allowed access. In my
testing I use a user who does not have access to these pages. And I get
prompted for credentials. I would like to redirect the user to a denied page
instead of credentials. how could I accomplish this?
Thanks
.
- Prev by Date: Re: IIS Subauthentication Required
- Next by Date: Re: You are not authorized to view this page
- Previous by thread: HELP NEEDED - Multiple SSL sites each on its own IP not working in IIS 6.0
- Next by thread: Re: Malicious user
- Index(es):
Relevant Pages
|
