iis security:
What you are claiming does not look like an IIS issue.
When a user provides wrong credentials, the error that occurs is 401.1.
This error is assigned a static HTML page by default. A static HTML page
does not change on the fly -- thus it is unable to display the name of the
vdir.
The fact that you are getting a page which does display the vdir (but
provides a 401.1 error content with an error code of 401.2) tells me that
either you configured the 401.1 custom error page with wrong content, or IIS
did not send back the access-denied page (i.e. something else running on IIS
sent back the page).
I suggest that you setup 401.1 custom error in effect for the vdir/app in
question (be aware that overriding settings can be made at child vdirs) to
point to the right content (401.2 error code for content meant for 401.1
error code does not look correct). If this does not work, then you are
probably using custom authentication scheme which can send arbitrary
content -- so IIS has no control -- you will have to figure out how to
configure your custom solution.
--
//David
IIS
http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view] "ashuattri" <ashuattri.1i1393@mail.webservertalk.com> wrote in message
news:ashuattri.1i1393@mail.webservertalk.com...
I have implemented Integrated Windows Authentication on my site and it
seems to be working fine except one thing that I am not getting 401-2
Access denied (C:\WINNT\help\iisHelp\common\401-2.htm) page once the
user provides wrong credentials. Instead it displays the name of the
virtual directory (which i donnot want to be shown to the user) and
says that you u are not authorized to view this page.
I am getting the following error if I enter wrong password three times
or press cancel the button:
Server Error in '/NTAuth' Application
Access is denied.
Description: An error occurred while accessing the resources required
to
serve this request. The server may not be configured for access to the
requested URL.
Error message 401.2.: You do not have permission to view this directory
or
page using the credentials you supplied. Contact the Web server's
administrator for help.
-----------------------
Whereas I want to get the following standard error page from the custom
errors of IIS:
C:\WINNT\help\iisHelp\common\401-2.htm
Content Below:
You are not authorized to view this page
You do not have permission to view this directory or page using the
credentials that you supplied because your Web browser is sending a
WWW-Authenticate header field that the Web server is not configured to
accept.
----------------------------------------------------------------------------
----
Please try the following:
Contact the Web site administrator if you believe you should be able to
view this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.
Internet Information Services (IIS)
----------------------------------------------------------------------------
----
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search for
the words HTTP and 401.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search
for topics titled About Security, Authentication, and About Custom Error
Messages.
Can anybody please suggest why I am getting that error page instead of
standard custom error page from IIS settings and how can get the
standard custom error page
--
ashuattri
------------------------------------------------------------------------
Posted via
http://www.webservertalk.com ------------------------------------------------------------------------
View this thread:
http://www.webservertalk.com/message855320.html
