Velocity Reviews - Computer Hardware Reviews

Redirect to default page using Windows Authentication

 
 
Dave
      11-18-2003
Hi,

Is there a way to redirect the user to a default,
anonymous, welcome or "splash" page for our application
when using Windows authentication with Basic enabled?

In other words, if a user attempts to access a secured
page directly the first time, they will be redirected to
the application's main entry point.

I know this defeats the purpose of setting "Favorites"
but we want to have updates, news, instructions, etc on
this anonymous welcome page so the user can see this
information. It will then have a link or button that
states "Click here to login". Ideally, it would take
them then to the original page they wanted.

I know this can be done with Forms authentication.

Thanks, Dave.


 
Jim Cheshire [MSFT]
      11-18-2003
Dave,

You would have to redirect on the 401 response. As long as the connection
with IIS is still held in cache (and it should be), this should work fine.
(I haven't tested it, so don't hold me to it.)

It would look something like this:

    if (Response.StatusCode == 401)
    {
        Response.Redirect("login.aspx");
    }

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.


Dave
      11-18-2003
Jim,

Thanks for the response. I guess I'm not following
where I would run the code you mentioned other than the
global.asax.

I have the following code in there now...

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if ((Request.CurrentExecutionFilePath != "/MyApp/Index.aspx") && (User.Identity.IsAuthenticated == false))
        {
            Response.Redirect("Index.aspx");
        }
    }

This works on the first attempt to view a page other than
index.aspx but when I try to click on a link that goes to
a page secured by Basic Auth., the code above gets fired
again and redirects me back to index.aspx. I don't have
a chance to enter the login credentials.

Dave.

Guest
      11-19-2003
You can add the loginUrl property to the forms
authentication section in your config file:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
</authentication>

Whenever a user has no access to an area, they would be
directly sent to the login page, and then automatically
redirected to the area they initially wanted to visit if
their security issues have been resolved by the new login
process. This also brings up the URL if the session has
timed out (if you keep the roles in the session object).

Alex
 
Jim Cheshire [MSFT]
      11-19-2003
Dave,

That's correct. There's no way around that. The way wininet
authentication works is that if the resource you are requesting does not
allow anonymous access, a 401 is sent back to the browser. If the resource
is using Windows Integrated authentication and the browser is configured to
automatically send credentials, the token is sent back and the user is
authenticated. In the case of Basic authentication, a login prompt is
displayed and the user must log in.

If you intercept the 401 and redirect somewhere, you hijack the browser's
ability to challenge. There is no way around that.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.
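
The exchange described in the post above, modelled as an added example (not code from the thread and not ASP.NET): a browser sends Basic credentials only after it has seen a 401 carrying a WWW-Authenticate header, so a server that answers with a 302 instead never receives them. The path /MyApp/Index.aspx comes from Dave's post; the secured page path, the realm and the credentials are constructed for the illustration.

```python
import base64
import hmac

SPLASH = "/MyApp/Index.aspx"      # anonymous welcome page (path from the thread)
SECURED = "/MyApp/Reports.aspx"   # hypothetical secured page
USERS = {"dave": "s3cret"}        # constructed credentials


def authenticated(headers):
    """Return the user name if the request carries valid Basic credentials."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return None
    ok = hmac.compare_digest(expected.encode(), password.encode())
    return user if ok else None


def server_redirecting(path, headers):
    """The global.asax rule from the thread: redirect every unauthenticated
    request that is not for the splash page. No 401 is ever produced."""
    if path != SPLASH and authenticated(headers) is None:
        return 302, {"Location": SPLASH}
    return 200, {}


def server_challenging(path, headers):
    """Splash page is anonymous; every other page answers 401 with a challenge."""
    if path == SPLASH:
        return 200, {}
    if authenticated(headers) is None:
        return 401, {"WWW-Authenticate": 'Basic realm="MyApp"'}
    return 200, {}


def browse(server, path, user, password, max_hops=5):
    """Model a browser on first access: follow redirects, and attach
    credentials only in answer to a 401 Basic challenge."""
    headers, trace = {}, []
    for _ in range(max_hops):
        status, resp = server(path, headers)
        trace.append((status, path))
        challenged = resp.get("WWW-Authenticate", "").lower().startswith("basic")
        if status == 302:
            path = resp["Location"]
        elif status == 401 and challenged and "Authorization" not in headers:
            token = base64.b64encode(f"{user}:{password}".encode()).decode()
            headers = {"Authorization": "Basic " + token}
        else:
            break
    return trace


if __name__ == "__main__":
    # Redirecting server: the user lands on the splash page and is never prompted.
    print(browse(server_redirecting, SECURED, "dave", "s3cret"))
    # Challenging server: 401, then the same request repeated with credentials.
    print(browse(server_challenging, SECURED, "dave", "s3cret"))
```
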

Dave
      11-24-2003
Thanks, but I'm talking about Windows authentication. Not
forms.


Dave
      11-24-2003
That's just it. I'm not sure where to trap that error.
Initially I thought an HttpModule would be my only
option, but I'm not even sure if the Http Request will
get that far in the pipeline.

The webserver may intercept the request and return
that error before I can do any type of redirect on the
backend using asp.net.

Dave.

Jim Cheshire [MSFT]
      11-24-2003
Dave,

You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
only 403, 404, and 500 errors are valid for customErrors. We have changed
that for the next version of ASP.NET, and you should be able to do this in
ASP.NET 2.0.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.

Eric Larsen
      12-01-2003
Can you not redirect to a custom error page for 401 errors? I see you
can redirect for the different 401 errors in IIS, but it does not seem
to work for every case. It looks like the Error 401.3 is created by a
.NET process. Is there a way to bypass .NET catching the error?

Thanks,
Eric


Jim Cheshire [MSFT]
      12-02-2003
Eric,

No, you cannot. IIS handles that before ASP.NET has the opportunity in our
current architecture.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(E-Mail Removed)

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: (E-Mail Removed) (Eric Larsen)
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Subject: Re: Redirect to default page using Windows Authentication
>Date: 1 Dec 2003 12:58:26 -0800
>
>Can you not redirect to a custom error page for 401 errors? I see you
>can redirect for the different 401 errors in IIS, but it does not seem
>to work for every case. It looks like the Error 401.3 is created by a
>.NET process. Is there a way to bypass .NET catching the error?
>
>Thanks,
>Eric
>
>
>(E-Mail Removed) (Jim Cheshire [MSFT]) wrote in message news:<(E-Mail Removed)>...
>> Dave,
>>
>> You cannot catch this with ASP.NET. Our spec for ASP.NET 1.0/1.1 is that
>> only 403, 404, and 500 errors are valid for customErrors. We have changed
>> that for the next version of ASP.NET, and you should be able to do this in
>> ASP.NET 2.0.
>>
>> Jim Cheshire, MCSE, MCSD [MSFT]
>> Developer Support
>> ASP.NET
>> (E-Mail Removed)
>>
>> This post is provided as-is with no warranties and confers no rights.
>>
>> --------------------
>> >From: "Dave" <(E-Mail Removed)>
>> >Subject: RE: Redirect to default page using Windows Authentication
>> >Date: Mon, 24 Nov 2003 13:06:52 -0800
>> >
>> >That's just it. I'm not sure where to trap that error.
>> >Initially I thought an HttpModule would be my only
>> >option, but I'm not even sure if the Http Request will
>> >get that far in the pipeline.
>> >
>> >The webserver may intercept the request and return
>> >that error before I can do any type of redirect on the
>> >backend using asp.net.
>> >
>> >Dave.
>> >
>> >>-----Original Message-----
>> >>Dave,
>> >>
>> >>That's correct. There's no way around that. The way wininet
>> >>authentication works is that if the resource you are requesting does not
>> >>allow anonymous access, a 401 is sent back to the browser. If the resource
>> >>is using Windows Integrated authentication and the browser is configured to
>> >>automatically send credentials, the token is sent back and the user is
>> >>authenticated. In the case of Basic authentication, a login prompt is
>> >>displayed and the user must log in.
>> >>
>> >>If you intercept the 401 and redirect somewhere, you hijack the browser's
>> >>ability to challenge. There is no way around that.
>> >>
>> >>Jim Cheshire, MCSE, MCSD [MSFT]
>> >>Developer Support
>> >>ASP.NET
>> >>(E-Mail Removed)
>> >>
>> >>This post is provided as-is with no warranties and confers no rights.
>> >>
>> >>--------------------
>> >>>From: "Dave" <(E-Mail Removed)>
>> >>>Subject: RE: Redirect to default page using Windows Authentication
>> >>>Date: Tue, 18 Nov 2003 11:46:14 -0800
>> >>>
>> >>>Jim,
>> >>>
>> >>>Thanks for the response. I guess I'm not following
>> >>>where I would run the code you mentioned other than the
>> >>>global.asax.
>> >>>
>> >>>I have the following code in there now...
>> >>>
>> >>>protected void Application_AuthenticateRequest(Object sender, EventArgs e)
>> >>>{
>> >>>    if ((Request.CurrentExecutionFilePath != "/MyApp/Index.aspx") &&
>> >>>        (User.Identity.IsAuthenticated == false))
>> >>>    {
>> >>>        Response.Redirect("Index.aspx");
>> >>>    }
>> >>>}
>> >>>
>> >>>This works on the first attempt to view a page other than
>> >>>index.aspx but when I try to click on a link that goes to
>> >>>a page secured by Basic Auth., the code above gets fired
>> >>>again and redirects me back to index.aspx. I don't have
>> >>>a chance to enter the login credentials.
>> >>>
>> >>>Dave.
>> >>>
>> >>>>-----Original Message-----
>> >>>>Dave,
>> >>>>
>> >>>>You would have to redirect on the 401 response. As long as the connection
>> >>>>with IIS is still held in cache (and it should be), this should work fine.
>> >>>>(I haven't tested it, so don't hold me to it.)
>> >>>>
>> >>>>It would look something like this:
>> >>>>
>> >>>>if (HttpResponse.Status == '401 ACCESS DENIED')
>> >>>>{
>> >>>> Response.Redirect('login.aspx');
>> >>>>}
>> >>>>
>> >>>>Jim Cheshire, MCSE, MCSD [MSFT]
>> >>>>Developer Support
>> >>>>ASP.NET
>> >>>>(E-Mail Removed)
>> >>>>
>> >>>>This post is provided as-is with no warranties and confers no rights.
>> >>>>
>> >>>>
>> >>>>--------------------
>> >>>>>From: "Dave" <(E-Mail Removed)>
>> >>>>>Subject: Redirect to default page using Windows Authentication
>> >>>>>Date: Tue, 18 Nov 2003 08:47:17 -0800
>> >>>>>
>> >>>>>Hi,
>> >>>>>
>> >>>>>Is there a way to redirect the user to a default,
>> >>>>>anonymous, welcome or "splash" page for our application
>> >>>>>when using Windows authentication with Basic enabled?
>> >>>>>
>> >>>>>In other words, if a user attempts to access a secured
>> >>>>>page directly the first time, they will be redirected to
>> >>>>>the application's main entry point.
>> >>>>>
>> >>>>>I know this defeats the purpose of setting "Favorites"
>> >>>>>but we want to have updates, news, instructions, etc on
>> >>>>>this anonymous welcome page so the user can see this
>> >>>>>information. It will then have a link or button that
>> >>>>>states "Click here to login". Ideally, it would take
>> >>>>>them then to the original page they wanted.
>> >>>>>
>> >>>>>I know this can be done with Forms authentication.
>> >>>>>
>> >>>>>Thanks, Dave.
>
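
The exchange described in the quoted replies above (a 401 challenge that the browser answers with credentials, versus a redirect issued in its place) can be modelled as follows. This is an added example, not code from the thread: the `server` and `browser` functions, the account and the `/MyApp/Secure.aspx` path are constructed for illustration, and `/MyApp/Index.aspx` is the splash page from Dave's snippet.

```python
import base64
import hmac

USERS = {"dave": "s3cret"}            # constructed test account
ANONYMOUS = {"/MyApp/Index.aspx"}     # splash page named in the thread
SECURED = "/MyApp/Secure.aspx"        # hypothetical protected page


def authenticated_user(headers):
    """Return the user name from a valid Basic Authorization header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return None
    try:
        name, _, password = base64.b64decode(token).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    expected = USERS.get(name)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return name
    return None


def server(path, headers, redirect_unauthenticated):
    """One request/response. The flag models redirecting instead of challenging."""
    if path in ANONYMOUS or authenticated_user(headers):
        return 200, {}
    if redirect_unauthenticated:
        return 302, {"Location": "/MyApp/Index.aspx"}  # no challenge is ever sent
    return 401, {"WWW-Authenticate": 'Basic realm="MyApp"'}


def browser(path, creds, redirect_unauthenticated, max_hops=5):
    """Follow redirects and answer one Basic challenge; return [(path, status)]."""
    headers, trace = {}, []
    for _ in range(max_hops):
        status, resp = server(path, headers, redirect_unauthenticated)
        trace.append((path, status))
        if status == 302:
            path = resp["Location"]
        elif status == 401 and "Authorization" not in headers:
            # The browser only prompts for credentials after seeing the challenge.
            token = base64.b64encode(":".join(creds).encode()).decode()
            headers["Authorization"] = "Basic " + token
        else:
            break
    return trace


if __name__ == "__main__":
    print("challenge:", browser(SECURED, ("dave", "s3cret"), False))
    print("redirect: ", browser(SECURED, ("dave", "s3cret"), True))
```

With the redirect in place the first, necessarily anonymous, request never produces a `WWW-Authenticate` header, so the client lands on the splash page every time and is never asked for credentials.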


 