Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Redirect Unauthorized Access

Reply
Thread Tools

Redirect Unauthorized Access

 
 
Evan M.
Guest
Posts: n/a
 
      05-23-2007
I've got an ASP.NET application that's using Windows authentication
with Integrated Windows authentication turned on to manage access.

Access to the web app should be restricted to only a couple AD Groups,
and I'm trying to get anybody else that tries to access the
application to be redirected to a friendly error page. However, I've
only been able to get a generic ASP.NET error page (401.2) to be
displayed.

I've tried getting it set up in web.config, but no matter what I do,
it doesn't seem to work.

The only option I've seen so far is to remove the authorization
information from web.config, and instead use Global.asax with the
following handler:
void Application_AuthenticateRequest(Object sender, EventArgs e) {
String AuthURL = "/AccessDenied.aspx";
if (!User.IsInRole("Domain\UserGroup")
&& Request.FilePath != AuthURL)
{
Server.Transfer(AuthURL);
}
}

Is there something that I'm missing?
Evan

 
Reply With Quote
 
 
 
 
bruce barker
Guest
Posts: n/a
 
      05-23-2007
browser access is pretty simple. the browser asks for a url, if access
is denied, the web server returns 401 with a list of authentication
methods. the browser is free to try again as many times as it wants with
different credentials.

your approach is the correct one.

-- bruce (sqlwork.com)


Evan M. wrote:
> I've got an ASP.NET application that's using Windows authentication
> with Integrated Windows authentication turned on to manage access.
>
> Access to the web app should be restricted to only a couple AD Groups,
> and I'm trying to get anybody else that tries to access the
> application to be redirected to a friendly error page. However, I've
> only been able to get a generic ASP.NET error page (401.2) to be
> displayed.
>
> I've tried getting it set up in web.config, but no matter what I do,
> it doesn't seem to work.
>
> The only option I've seen so far is to remove the authorization
> information from web.config, and instead use Global.asax with the
> following handler:
> void Application_AuthenticateRequest(Object sender, EventArgs e) {
> String AuthURL = "/AccessDenied.aspx";
> if (!User.IsInRole("Domain\UserGroup")
> && Request.FilePath != AuthURL)
> {
> Server.Transfer(AuthURL);
> }
> }
>
> Is there something that I'm missing?
> Evan
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Forms Authentication: Redirect to Unauthorized.aspx in subdirectories? Diane Y ASP .Net Security 1 03-28-2006 07:18 PM
Forms authentication: how to redirect unauthorized users? BJ Lap ASP .Net 2 11-20-2005 06:57 PM
Unauthorized Access needin4mation@gmail.com ASP .Net 1 11-13-2005 06:52 PM
Basic Q - Response.Redirect, all redirect to first Response.Redirect statement Sal ASP .Net Web Controls 1 05-15-2004 03:46 PM
Blocking unauthorized wireless access points on Cisco routers Steve Abrams Cisco 1 02-03-2004 01:31 AM



Advertisments