开发者

How to use custom Errors page in Windows Authentication

问答 作者:

I am using asp.net 3.5 web.config to limit access and it works great.

<authentication mode="Windows">
<authorization>
    <allow users="Bill, John"/>
    <deny users="*"/>
</authorization>

Unauthorized (but authenticated) users will be blocked by a system error message saying that:

Server Error in '/' Application
Access is denied.
Description: An error occurred while .......
Error message 401.2: Unauthorized: Logon failed due to server configuration ...

In order to make the message more friendly, I uncomment the customErrors flag and create a GenericErrorPage.htm in the root path of my project.

<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>

However, it just doesn't work. I still get the system error message rather than my custom error page.

Any 开发者_如何学Csuggestions will be appreciated.

You won't see it - custom error pages are served by the ASP.NET application, but Windows auth is served up by IIS itself.

Now you can set IIS to use different error pages. For IIS7 this needs a separate configuration section;

<system.webServer>
  <httpErrors errorMode="Custom" existingResponse="Auto">
    <error statusCode="403" 
           subStatusCode="-1" 
           prefixLanguageFilePath="" 
           path="C:\inetpub\wwwroot\errors\403.htm" 
           responseMode="File" />
  </httpErrors>
</system.webServer>

And you'll need to ensure the app pool user has access to that path.

Not having tested this in other scenarios, but looking at some of the suggestions from this detailed article for a similar problem.

The other problem turned out to be:

the access to the error page was blocked by the authorization requirements.

The solution was to use a attribute in the web.config. refer to the link for more detailed explanation but here's a snippet:

<!-- in the same root web config file-->
<configuration>
    <system.web>
        <authorization>
        <allow users="Bill, John"/>
        <deny users="?" />
        </authorization>
    </system.web>

    <!-- the page specific authorization-->   
    <location path="GenericErrorPage.htm"> <!-- other ones for your other pages-->
        <system.web>
        <authorization>
        <allow users="*" />
        </authorization>
        </system.web>
    </location>

</configuration>

change :

<customErrors mode="RemoteOnly" />

The mode attribute can be one of the following:

* On – error details are not shown to anybody, even local users. If you specified a custom error page it will be always used.
* Off – everyone will see error details, both local and remote users. If you specified a custom error page it will NOT be used.
* RemoteOnly – local users will see detailed error pages with a stack trace and compilation details, while remote users with be presented with a concise page notifying them that an error occurred. If a custom error page is available, it will be shown to the remote users only.

Displaying a concise yet not-so-pretty error page to visitors is still not good enough, so you need to put together a custom error page and specify it this way:

<customErrors
       mode="RemoteOnly" 
       defaultRedirect="~/errors/GeneralError.aspx" 
/>

继续阅读:.netasp.netcustom-error-pagesweb-config

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9