Re: Detecting Failed Authorization

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bijoy Naick (b_naick_at_yahoo.ca)
Date: 11/30/04 

Date: Tue, 30 Nov 2004 16:08:41 -0500

Ken,

Thanks for the response.. I don't understand how the code you provided will
detect a "failed AUTHORIZATION". It will probably detect a failed
"AUTHENTICATION" attempt.

Am I missing something?

Bijoy

"Ken Dopierala Jr." <kdopierala2@wi.rr.com> wrote in message
news:OkSRt$x1EHA.3468@TK2MSFTNGP14.phx.gbl...
> Hi Bijoy,
>
> This might work for you. It is what I use. It goes in your global.asax
> file. Ken.
>
> Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
> EventArgs)
> Dim appHTTP As HttpApplication = CType(sender, HttpApplication)
>
> 'Check if the user is authenticated.
> If (appHTTP.Request.IsAuthenticated = True) Then
> 'Do nothing.
> Else
> 'Redirect where you want the user to go.
> 'Here you can also find out what page they
> 'were trying to get to and customize your
> 'response accordingly.
> End If
> End Sub
>
> Good luck! Ken.
>
> --
> Ken Dopierala Jr.
> For great ASP.Net web hosting try:
> http://www.webhost4life.com/default.asp?refid=Spinlight
> If you sign up under me and need help, email me.
>
> "Bijoy Naick" <b_naick@yahoo.ca> wrote in message
> news:uy7wokx1EHA.1400@TK2MSFTNGP11.phx.gbl...
> > I've implemented forms authentication and authorization on my
application.
> > In my Web.Config, my authorization section looks like this..
> >
> > <authorization>
> > <allow roles="admin" />
> > <deny users="*" />
> > </authorization>
> >
> > If an authenticated user, who is NOT designated the role "admin"
attempts
> > to access this folder, he/she is simply redirected to the login page.
> >
> > How do I detect a failed authorization and display a meaninfull error
msg?
> I
> > found an article which came up with solution :
> >
> > Sub Global_EndRequest(ByVal sender As Object, ByVal e As
System.EventArgs)
> > Handles MyBase.EndRequest
> > If User.Identity.IsAuthenticated And Response.StatusCode = "401"
Then
> > Response.Redirect("test.aspx")
> > End If
> > End Sub
> >
> > When I implement this, and the the situation described above occurs, the
> > application seems to hang.. ie. the user isn't allowed into the
> application
> > but it never redirects to test.aspx.
> >
> > Any suggestions??
> >
> > Bijoy
> >
> >
>
>

Relevant Pages

  • Re: IIS 5.0 Windows Authenticion/NT Challenge Response
    ... The first response looks like it was for a request made to a vdir that has ... anonymous authentication enabled on IIS. ... you could have anonymous authentication enabled. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Linux dialup to Netscape.net?
    ... > segment of the ppp log between the 'Serial connection established.' ... Starting pppd and hoping for the best. ... --> The PPP daemon has died: Authentication error. ... reference to the "aolnet" response somewhere through Google, ...
    (comp.os.linux.misc)
  • Re: Using trusted database connection across domains
    ... You asked for my comments on your response to my question. ... You go on to say that I have a double-hop in my authentication. ... however the web server is in a workgroup which is not ... Microsoft Online Community Support ...
    (microsoft.public.sqlserver.security)
  • Re: Win share authentication
    ... A challenge/response authentication method is used and it ... called a nonce and sends it back to the client. ... The client encrypts the ... The LM response is calculated as follows (see Appendix A for a sample ...
    (microsoft.public.security)
  • Re: Authentication condition in custom httphandler
    ... authentication, the 401 should land you back at the logon page. ... >I haven't used the UrlAuthorizationModule before but as I understand it, ... >> they just set the response status to 401 and call CompleteRequest. ...
    (microsoft.public.dotnet.framework.aspnet.security)