Re: Any way to display a "bad password entered" message at https l

Well remember that, ultimately, it is up to the browser to decide what to display. If you are sending back a 401 HTTP status, then the browser will (most likely) just popup the dialogue again.

You'd need to change the HTTP status (e.g. via an ISAPI filter, or module if you are using IIS 7) so as to have the browser display your message.

You then have the issue of how do you get the server to send another 401 later so that the user can attempt to authenticate again :-)

Cheers
Ken

"Sandy Wood" <sandy.wood@xxxxxxxxxx> wrote in message news:ADA7CBBF-243A-4FEA-90A5-B10E84EB1DE7@xxxxxxxxxxxxxxxx
We're doing HTTP based auth, NT Authentication. Looks like we'll need to
write some custom code in any case.
--
Sandy Wood
Orange County District Attorney


"Ken Schaefer" wrote:

What sort of authentication are you attempting to do?

If it's forms based auth (e.g. user enters credentials into a HTML form),
then IIS has no knowledge of whether the user is authenticated or not (it's
just displayed HTML pages). You need to write some code to display
appropraite HTML.

If it's HTTP based authN (e.g. the browser pops up a dialogue box asking the
user to enter credentials), then this isn't controlled by IIS either. IIS is
just sending a HTTP 401 status to the browser, and it's the browser that
then chooses to display the credentials dialogue box (or not). The only way
here would be to change what IIS does (i.e. not send back a 401
Unauthorized, but a 200 OK instead, with your custom message)

Cheers
Ken
--
My IIS blog: http://adopenstatic.com/blog


"Sandy Wood" <sandy.wood@xxxxxxxxxx> wrote in message
news:5444DC16-55C7-41EF-BE67-B9E58D15A1CE@xxxxxxxxxxxxxxxx
> Our management want's us to be able to display a message when users
> attempt
> to logon to one of our secure sites. Now if a user enters an incorrect
> password. the logon window just flashes and clears out any username and
> password that was entered. Short of writing custom code, is there any > way
> withing IIS to display some sort of user feedback?
> -- > Sandy Wood
> Orange County District Attorney



.

Relevant Pages

  • Finding nonsecure items in secure page
    ... I am modifying an existing ASP.NET application to make it SSL ... Do you want to display the nonsecure items? ... IS there something other than a reference through an explicit "http:" ... Hasn't someone built a plugin for IIS that would allow for monitoring ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Any way to display a "bad password entered" message at https l
    ... We're doing HTTP based auth, ... then this isn't controlled by IIS either. ... then chooses to display the credentials dialogue box. ... Short of writing custom code, ...
    (microsoft.public.inetserver.iis.security)
  • Re: ClientCertificate
    ... Is the browser in SSL mode when you do this? ... to an HTTP address not an HTTPS one. ... > Working with ASP, Windows 2000, IIS 5.0. ... > I have CA certificate installed on my machine which is installed fine. ...
    (microsoft.public.inetserver.asp.general)
  • Re: Strange IIS Problem
    ... I get the same thing whether browsing on the IIS machine or any machine connected to the network. ... Could be your browser cache needs to be cleared out. ... > where the asp code, which also accesses a database, runs fine and ... > not display the image. ...
    (microsoft.public.inetserver.iis)
  • Re: Finding nonsecure items in secure page
    ... I have already searched the codebase and eliminated all hardcoded "http" instances, replacing them with a method call that returns the appropriate value in a given context. ... I have also modified all iframe instances to ensure they always have a valid src. ... to IIS, but it would appear there is no traffic associated with the warning, at least not traffic that Fiddler would intercept. ... I can not display the page's source (the ...
    (microsoft.public.dotnet.framework.aspnet)