I have been trying this for the last two days. I am not getting what the problem is. I searched the web but didn't find any solution. I tried all the settings of IIS like "Moving negotiate down, disable other authentication" but it doesn't work.
So here is my problem: I have an intranet web application in ASP.NET which is using usernames and passwords stored in Active Directory. I have five different pages in my application. All the pages are stored in separate folders with their own web.config files. These web.config files have the names of the users who are allowed to view that page, like this:
    <authorization>
        <allow users="Domainname\username"/>
    </authorization>
I want to redirect those users who are not in the above list to another error page with an appropriate message. I used this:
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        if (HttpContext.Current.Response.Status.StartsWith("401"))
        {
            HttpContext.Current.Response.ClearContent();
            Response.Redirect("~/myerrorpage.aspx?myerrormsg=you are not allowed");
        }
    }
This works on localhost, but when I put my application in IIS, all the authorized users (those who are in the list) are also redirected to the error message page.
Outside of IIS, it is working correctly. However, I am not able to redirect unauthorized users to the error message page. I have also tried the Error Pages settings of IIS, but I'm having the same problem.
Please suggest what I should do to correct this. Is there any other way to do it?
Best Answer
I don't know for sure if this is what the issue is in your specific case, but in general, the process is:
My guess is that you're failing at step (1) by catching the first 401 before the user has a chance to supply credentials. You can verify this with F12 tools or with a tool like Fiddler.
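The following is an added example, not part of the original question or answer. It shows one way to keep the `Application_EndRequest` redirect from the question while letting the authentication challenge through, assuming Windows authentication and that a 401 on an already authenticated request comes from the `<authorization>` rules; the `Global` class name and the `DeniedPage` constant are assumptions of this example.

```csharp
using System;
using System.Web;

// Global.asax.cs (class name is an assumption of this example)
public class Global : HttpApplication
{
    // Error page path taken from the question.
    private const string DeniedPage = "~/myerrorpage.aspx";

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        HttpContext ctx = HttpContext.Current;

        // Compare the numeric status code instead of parsing the status string.
        if (ctx == null || ctx.Response.StatusCode != 401)
        {
            return;
        }

        // A 401 on a request that carries no authenticated identity is the
        // challenge leg of Negotiate/NTLM. It has to reach the browser with
        // its WWW-Authenticate headers, otherwise the user never gets the
        // chance to send credentials and everyone lands on the error page.
        if (!ctx.Request.IsAuthenticated)
        {
            return;
        }

        // Do not redirect the error page to itself if it is also restricted.
        string deniedPath = VirtualPathUtility.ToAbsolute(DeniedPage);
        if (string.Equals(ctx.Request.Path, deniedPath,
                          StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // Here the user is known (authenticated) but was refused by the
        // authorization rules: replace the 401 body with the redirect.
        ctx.Response.ClearContent();
        ctx.Response.Redirect(
            DeniedPage + "?myerrormsg=" +
            HttpUtility.UrlEncode("you are not allowed"),
            false);
    }
}
```

If the error page displays `myerrormsg`, it should HTML-encode the value before writing it out, since anyone can request that URL with their own text in the query string.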