Can I redirect a user to another page if they cancel an authentication prompt?

On IIS6, using NTLM Authentication (meaning Integrated Windows Authentication) if the user cancels the authentication request, how can I redirect them to another page? I can't just grab 401 (tried) or 401.1 (not an int) in the web.config.

I can't redirect if the issue is a 401 status because I'm intentionally pushing for a 401 to get the response, yeah? So how do I capture when they canceled on the browser challenge?

T开发者_开发技巧o clarify, if I open Firefox and navigate to an IWA page, it shows me a dialog (assuming I haven't configured that away in about:config) and I key in the windows credentials to use. I want to prevent them stopping that box.

I want this behavior per-app on IIS6/7. I asked it initially before we migrated to IIS7, so any answer can be altered between the two.

I need to redirect per-app, not per-server, based on the user canceling 401 Auth request (meaning 401.1 error code).

Some response types aren't passed to .NET for processing. Instead, they have to be handled at the IIS level. If you want a different page based on the response, then you need to go to IIS Manager and find the section that controls Error Pages (it's different depending on the IIS version you are using).

Then add the status code you want to capture and give it the page you want the browser to be directed to.

I know you mentioned IIS 6, but I don't have access to one of those servers. For IIS 7, click on the site. Go to the IIS > Error Pages section. Click Add. Type in the code (401.1) and give it a path to a page on your site. Make sure that page is accessible for anonymous.

You can also handle this in your web.config (see Microsoft Docs for more details):

In the errors section of your web.config do the following (as an example):

<error statusCode="401" subStatusCode="1" prefixLanguageFilePath="c:\inetpub\custerr" path="401_1.htm" />

I don't know if you can use .aspx pages for this, but it sure looks like it. However, they will probably have to be completely self-contained.

Microsoft documentation on HttpResponse.SubStatusCode is on MSDN. According to them it ONLY works on IIS 7, .NET 3.0+, and when using the Integrated Pipeline mode. This might be a bit restrictive depending on your app.