在ASP.NET中强制自定义HTTP 401未授权页面
[英]Forcing a custom HTTP 401 unauthorized page in ASP.NET
问题描述
I've written a web application for internal use at work (not for the wider internet) that makes use of Windows authentication - ASP.NET interrogating Windows for the current set of credentials. 
我已经编写了一个Web应用程序,供工作时内部使用(不适用于更广泛的Internet),它使用Windows身份验证 - ASP.NET查询Windows以获取当前的凭据集。 An authentication method called from the Page_PreInit of protected pages throws a 401 error if the username is not found in an AD group I've set up. 如果在我设置的AD组中找不到用户名,则从受保护页面的Page_PreInit调用的身份验证方法会引发401错误。
I implemented Earlz' CustomErrorsFixer from Throwing an HttpException always sends back HTTP 500 error? 我实现了Earlz'CustomErrorsFixer 抛出一个HttpException总是发回HTTP 500错误? as I too was only getting 500s back. 因为我也只有500秒回来了。 Now my custom error pages are working, which is great. 现在我的自定义错误页面正常工作,这很棒。
Developing locally in Visual Studio development server, I've found that if I do not have access, I just go straight to the 401 error page. 在Visual Studio开发服务器本地开发,我发现如果我没有访问权限,我会直接进入401错误页面。 However! 然而! When I publish the site to an IIS server, if the user doesn't have access they get a Windows username/password prompt (the ugly, small one in XP). 当我将站点发布到IIS服务器时,如果用户没有访问权限,则会获得Windows用户名/密码提示 (XP中的丑陋,小的)。 This is actually quite handy because it gives people who are logged onto a different domain a chance to enter the correct credentials. 这实际上非常方便,因为它使登录到不同域的人有机会输入正确的凭据。
At this stage, when the password prompt comes up, if the user hits Cancel or Escape , they go to the custom 401 page, which tells them how to go about requesting access. 在此阶段,当密码提示出现时,如果用户点击取消或退出 ,他们会转到自定义401页面,告诉他们如何进行请求访问。 IF however they try to enter a username and password, which defaults to the wrong domain and are therefore incorrect credentials, they are shown the default IIS 401 page , which I'm very keen to avoid. 但是,如果他们尝试输入用户名和密码(默认为错误的域名,因此是不正确的凭据),则会显示默认的IIS 401页面 ,我非常希望避免这些页面 。 Third scenario - if they enter CORRECT credentials, they are asked 3 times, and then shown the custom error page. 第三种情况 - 如果他们输入CORRECT凭据,则会询问他们3次,然后显示自定义错误页面。
So, users see the custom 401 page if they are "authenticated", and the standard IIS one if they are not. 因此,如果用户“经过身份验证”,则会看到自定义401页面,如果不是,则会看到标准IIS页面。
However, I've been finding that most people when prompted with a username/password box just enter the username/password without domain - which ends up being incorrect and therefore sending them to the non-custom IIS 401 page . 但是,我发现大多数人在提示输入用户名/密码框时只输入没有域名的用户名/密码 - 这最终会导致错误,因此将其发送到非自定义IIS 401页面 。 Does anyone know how I can solve this? 有谁知道我怎么解决这个问题? It's extremely annoying, because people need to see the custom 401 page in order to see which group they need to request access to! 这非常烦人,因为人们需要查看自定义401页面才能看到他们需要访问哪个组!
In case it matters, the browser we all use is IE8 on XP or IE9 on Windows 7. Please let me know if I should post any code up. 如果它很重要,我们所有使用的浏览器都是XP上的IE8或Windows 7上的IE9。请告诉我是否应该发布任何代码。
1 个解决方案
解决方案1
2 已采纳 2012-05-25 22:54:31
IIS7 intercepts the 401 along with a few other HTTP status code by default. IIS7默认拦截401以及一些其他HTTP状态代码。
Try this: 尝试这个:
<configuration>
<system.webServer>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
</configuration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.