Re: Detecting Failed Authorization


From: Tampa .NET Koder (TampaNETKoder_at_discussions.microsoft.com)
Date: 11/30/04


Date: Tue, 30 Nov 2004 13:39:08 -0800

I don't think this can be trapped within the global.asax file then, the
authentication request is handled through it. However, if your user does get
the IE 403 error page, "Not Authorized to view this page", then you can
replace this error page with your own using the <customErrors> element like
below:

    <customErrors mode="RemoteOnly" defaultRedirect="/genericerror.htm">
      <error statusCode="500" redirect="/error/callsupport.htm"/>
      <error statusCode="404" redirect="/error/notfound.aspx"/>
      <error statusCode="403" redirect="/error/noaccess.aspx"/>
    </customErrors>

This is all I can think of.

"Bijoy Naick" wrote:

> I think you misunderstood my question. The authentication piece works fine.
>
> Problem occurs when a user authenticates successfully but does not have
> access (authorization) to a folder. In this case, they get booted back to
> the login page. How can I detect a failed authorization, so that I can
> display a meaningful error msg?
>
> Bijoy
>
>
> "Tampa .NET Koder" <TampaNETKoder@discussions.microsoft.com> wrote in
> message news:D370107A-67B4-4543-9B1C-C9EF712E904D@microsoft.com...
> > The forms tag in the web.config file has a loginUrl attribute that you can
> > give a login.aspx page, which every user will be redirected to
> > if they are not authenticated. Once authenticated, they will
> > automatically be redirected to the page that they were trying to access.
> >
> > "Bijoy Naick" wrote:
> >
> > > I've implemented forms authentication and authorization on my application.
> > > In my Web.Config, my authorization section looks like this..
> > >
> > > <authorization>
> > > <allow roles="admin" />
> > > <deny users="*" />
> > > </authorization>
> > >
> > > If an authenticated user, who is NOT designated the role "admin", attempts
> > > to access this folder, he/she is simply redirected to the login page.
> > >
> > > How do I detect a failed authorization and display a meaningful error msg? I
> > > found an article which came up with this solution:
> > >
> > > Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest
> > >     If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then
> > >         Response.Redirect("test.aspx")
> > >     End If
> > > End Sub
> > >
> > > When I implement this, and the situation described above occurs, the
> > > application seems to hang, i.e. the user isn't allowed into the application
> > > but it never redirects to test.aspx.
> > >
> > > Any suggestions??
> > >
> > > Bijoy
> > >
> > >
> > >
>
>
>
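
Added example, not part of the original thread: with forms authentication, a request denied by the `<authorization>` rules is redirected to the `loginUrl` page with a `ReturnUrl` query parameter, so a request that reaches the login page already authenticated and carrying `ReturnUrl` is a failed authorization rather than a missing login. The class name `Login` is an assumption; the target path is the `/error/noaccess.aspx` page from the `customErrors` sample in the reply.

```vb
' Code-behind for the forms-authentication login page.
' Assumption: the page class is named Login (the thread only says login.aspx).
Imports System
Imports System.Web
Imports System.Web.UI

Public Class Login
    Inherits Page

    ' Path taken from the customErrors sample in the thread. This page must be
    ' readable by every authenticated user (keep it outside the folder guarded
    ' by <allow roles="admin" />), otherwise the redirect below loops.
    Private Const AccessDeniedUrl As String = "/error/noaccess.aspx"

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        If IsBouncedByAuthorization(Request) Then
            ' Record who was denied and what they asked for, for later review.
            Trace.Warn("authorization", _
                "Denied: user=" & User.Identity.Name & _
                " url=" & Request.QueryString("ReturnUrl"))

            ' End the response here so the login form is never rendered
            ' to a user who is already signed in.
            Response.Redirect(AccessDeniedUrl, True)
        End If
    End Sub

    ' True when the caller already has a valid forms-authentication ticket
    ' and was sent here with a ReturnUrl, i.e. URL authorization refused the
    ' original request. An anonymous user has IsAuthenticated = False and
    ' simply sees the login form.
    Public Shared Function IsBouncedByAuthorization(ByVal request As HttpRequest) As Boolean
        Dim returnUrl As String = request.QueryString("ReturnUrl")
        Dim hasReturnUrl As Boolean = (Not returnUrl Is Nothing) AndAlso returnUrl.Length > 0
        Return request.IsAuthenticated AndAlso hasReturnUrl
    End Function
End Class
```

The access-denied page can set `Response.StatusCode = 403` itself so that logs and monitoring see the denial as a 403 rather than a 200.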


