asp.net windows authentication

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • DK
    #1

    asp.net windows authentication

    I have an intranet application I've built using asp.net 3.5 / running on
    IIS6.

    The problem: when a user trys to access a page that they do not have access
    to, they are given the annoying windows authentication popup, which is
    useless because they are denied in the web.config file. After 3 tries or
    hitting cancel, they are then directed to the Access Denied page.

    How can I get rid of that popup ???

    In my main web.config I have this:
    <authenticati on mode="Windows"/>
    <authorizatio n>
    <deny users="?"/>
    </authorization>

    other web.configs would look like this:
    <system.web>
    <authorizatio n>
    <allow roles="MyDomain \AllowedRoles"/>
    <deny users="*"/>
    </authorization>

    In IIS6 under Directory Security Authentication Methods everything is
    cleared except Integrated Windows Authentication.

    There's another app on another server in our domain that is set up the exact
    same way (as far as I can tell) and you go directly to the Access Denied
    page. There must be something stupid that I'm missing.

    It's not the end of the world but I'd like to solve this.....Thanks .

    Tags: None
    • Alexey Smirnov
      #2
      Re: asp.net windows authentication

      On Oct 2, 7:58 pm, "DK" <bushido...@hot mail.comwrote:
      There's another app on another server in our domain that is set up the exact
      same way (as far as I can tell) and you go directly to the Access Denied
      For the same user? Check if user has no stored password for that site
      in Control Panel - User Accounts. If there's nothing, check IE
      settings, under Security, "Prompt for logon" or similar. If "Access
      Denied" page is a custom page, check if non-authorized users have
      access to it.

        Comment

        • Michael Nemtsev [MVP]
          #3
          Re: asp.net windows authentication

          Hello DK,

          And check Truster site either, becase as Alexey noted your site can be in
          one of those group with the "automatic logon" settings

          ---
          WBR,
          Michael Nemtsev [Microsoft MVP] :: blog: http://spaces.live.com/laflour
          :: http://twitter.com/laflour

          "The greatest danger for most of us is not that our aim is too high and we
          miss it, but that it is too low and we reach it" (c) Michelangelo


          DI have an intranet application I've built using asp.net 3.5 / running
          Don IIS6.
          D>
          DThe problem: when a user trys to access a page that they do not have
          Daccess to, they are given the annoying windows authentication popup,
          Dwhich is useless because they are denied in the web.config file.
          DAfter 3 tries or hitting cancel, they are then directed to the Access
          DDenied page.
          D>
          DHow can I get rid of that popup ???
          D>
          DIn my main web.config I have this:
          D<authenticatio n mode="Windows"/>
          D<authorization >
          D<deny users="?"/>
          D</authorization>
          Dother web.configs would look like this:
          D<system.web>
          D<authorization >
          D<allow roles="MyDomain \AllowedRoles"/>
          D<deny users="*"/>
          D</authorization>
          DIn IIS6 under Directory Security Authentication Methods everything
          Dis cleared except Integrated Windows Authentication.
          D>
          DThere's another app on another server in our domain that is set up
          Dthe exact same way (as far as I can tell) and you go directly to the
          DAccess Denied page. There must be something stupid that I'm missing.
          D>
          DIt's not the end of the world but I'd like to solve this.....Thanks .
          D>


            Comment

            • bruce barker
              #4
              Re: asp.net windows authentication

              this is normal. if the browser requests a resource and get a 401 (access
              denied), the browser asks a new login. you could write a handler that
              checked for the 401 and if the user had sent a valid login, redirect to
              an access denied page instead of responding with a 401.

              -- bruce (sqlwork.com)


              DK wrote:
              I have an intranet application I've built using asp.net 3.5 / running on
              IIS6.
              >
              The problem: when a user trys to access a page that they do not have
              access to, they are given the annoying windows authentication popup,
              which is useless because they are denied in the web.config file. After 3
              tries or hitting cancel, they are then directed to the Access Denied page.
              >
              How can I get rid of that popup ???
              >
              In my main web.config I have this:
              <authenticati on mode="Windows"/>
              <authorizatio n>
              <deny users="?"/>
              </authorization>
              >
              other web.configs would look like this:
              <system.web>
              <authorizatio n>
              <allow roles="MyDomain \AllowedRoles"/>
              <deny users="*"/>
              </authorization>
              >
              In IIS6 under Directory Security Authentication Methods everything is
              cleared except Integrated Windows Authentication.
              >
              There's another app on another server in our domain that is set up the
              exact same way (as far as I can tell) and you go directly to the Access
              Denied page. There must be something stupid that I'm missing.
              >
              It's not the end of the world but I'd like to solve this.....Thanks .

                Comment

                Previous template Next
                Working...