How to automatically send denied users to "access denied" page, instead of a login prompt only then to be sent to "access denied" page

Hello:

My security works fine except for one small annoyance.  This is an intranet site only and are using Windows (AD) authentication with Anonymous turned off.  The 'good' users get right in, with no prompts.  This is good.  However, the 'bad' (denied) users get a prompt to enter their credentials only to be denied.  I would like to eliminate the need for them to even try and enter credentials and send them directly to an "access denied" page (no prompts).  It only wastes their time and aggrevates them.

Thoughts?

Thank you!

Win2003, SP1 / IIS 6.0 / ASP.NET / Windows Authentication

0
bullfrog1870
4/3/2009 2:33:58 AM
asp.net.security 27051 articles. 1 followers. Follow

7 Replies
1604 Views

Similar Articles

[PageSpeed] 30

Maybe you can take a look at the HttpModule mentioned on this page:

http://flimflan.com/blog/HttpModuleToAllowACustomErrorPageFor4012AccessDeniedInASPNET.aspx

I've used it in my application to redirect users with no authorization for my application to an error page.


Nils Gruson
Microsoft .NET Consultant (MCPD)
Logica



You don't have to be sick to get better.

Please remember to click “Mark as Answer” on the post that helped you keep your job.
0
ngruson
4/3/2009 7:19:25 AM

Sorry, but this link seems to be down.  Any other sites?

 

0
bullfrog1870
4/3/2009 10:17:40 AM

 Hi there!

 you could use the webconfig for that specific error handling:

 <customErrors mode="On" defaultRedirect="error.aspx">
    <error statusCode="401" redirect="error.aspx?code=401"/>
</customErrors>

see also:
http://www.15seconds.com/issue/030102.htm

Melbu

0
Melbu
4/3/2009 10:29:04 AM

it seems that you've specifically added the ACL users by going to the file properties - > securities tab, otherwise that dialog box should not get opened at all. use declarative authorization in web.config and remove all other.


SHASHANK BHIDE
CAPGEMINI INDIA
"THE ROAD TO SUCCESS IS ALWAYS UNDER CONSTRUCTION MARK MY RESPONSE AS ANSWER TO HELP ME BUILD IT :)"
0
shashankgwl
4/3/2009 11:28:31 AM

Hi, bullfrog

When the your called "bad" users access your website, server will response a 401 status code. and response with 401 will trigger client browser login dialog prompted. Things come to my mind is rewriting windows authentication module and change 401 to 403 if the request do not come with a validated credential.

Regards


Andrew Zhu
Microsoft online ASP.NET support
Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
0
Andrew
4/8/2009 3:16:15 AM

Hi guys:

 I saw Shawshanks response, but I'm not sure I know how to follow through on it.  Can anyone provide direction?

Thanks...

0
bullfrog1870
4/8/2009 11:51:04 AM
shashankgwl

Even we delete ACL users in the security table of file properties, login dialog box will still prompt.

Regards


Andrew Zhu
Microsoft online ASP.NET support
Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
0
Andrew
4/10/2009 1:22:22 AM
Reply:

Similar Artilces:

"Access Denied" when accessing .aspx page, but not .html page?!?
Hey folks, need some assistance here. Everything was working fine, until our network guys made some modifications to our network, and now my application will not display any ASPX resource without complaining about Access Denied. I can, however, see the .htm files just fine. I am wondering if anyone has any suggestion as to where to start investigating this issue. I checked the IIS settings for security and they read: Anonomous Access :: checked -- [edit] IUSR_MACHINENAME I have the directory security opened up. When I attempt to access the site, if I access an ASPX resour...

"access to path"...."is denied"
I have a program that opens a csv file and copies all records to a database.  its working fine in development system but when i deploy this to the live system and if i try to copy a csv file on my machine i am getting an error "access to path"..<tempfile.txt> .."is denied.  I am creating a temporary file on the live server and then changing data and then copying records from the temp file to the live databaseThe problem is that the program cannot access the temp file.  Is there a way to change security access rights of the temp file programmatically so tha...

Controlling user access using "allow" "deny"
I have a web form application for deployment on Windows 2000 Server.  I wish to limit access to the web site to a certain group of users, all having accounts on the server.  The authentication mode is "Windows", impersonate ="true"...  From my reading, this seems the perfect situation to use "roles=" within the authentication block.  I must admit, however, that I am not a server admin guru.  What is a "role" in terms of 2000 server?  What sort of group, organizational unit, etc. would be created on the server to act as a "role"?  Any light shed would be app...

A "Forbidden. You were denied access because: Access denied by access control list." appears
  Hello! A few days ago this message started to appear on my ie everytime I try to run a any web application from VS2005: Forbidden You were denied access because: Access denied by access control list.   I gave the user "ASP.NET Machine A..." administrator privileges and even reinstalled VS2005. How do I solve this problem??   Thanks!!!  Dekel C. Is this your problem: http://support.microsoft.com/default.aspx/kb/316699Thanks,MaxLet Me Google That For You!...

errorContext description="Access is denied." code="0x80070005" executeSeqNo="0"
I am installing the Hosted Exchange Sample Web Service Client using - Volume 7: Deploying Hosted Exchange 2003, Book 6: Running Hosted Exchange Reference Architecture. At 7.6.7 To initialize the MPFClient configuration Registry key; I get the error message when clicking the "invoke" button: <?xml version="1.0" encoding="utf-8" ?> <string xmlns="http://provisioning.microsoft.com/webservices"><response><errorContext description="Access is denied." code="0x80070005" executeSeqNo="0" />&...

EnableScriptGlobalization="true", EnableScriptLocalization="true" causing Access denied
Inorder for our non-US users to use my application, I added 2 attributes to my Scriptmanager in my Master Page. EnableScriptGlobalization="true" EnableScriptLocalization="true" When I put my application in a Page Viewer web part on our sharepoint (MOSS), the tabs in my ajax tabcontainer won't work and I get the error icon on the bottom-left part of my status bar (the error icon you get when there's a javascript error on your web page). When I click on the error icon it says "ACCESS DENIED". When I take off the 2 attributes above, everything work...

"Denied" workflows showing as "Approved" in "My Requests"
IDM3.5.1 and UA 3.5.1, Patch N. Basic single workflow. User denies request. It shows as denied in the "Flow Comments and History" but displays as approved in the requestor/recipient's "My Tasks" page. Known bug? Configuration issue? Thanks Rob. Also... Shows as "Status: Approved" in the email sent to the user. None of the entity actions I have programmed in the "Approve" path are enacted, so it appears the denial is working... except in these "visible to the end user" ways. "Rob.S" <rs @ h...

Security allowing "Members" role to access page that is only open to "Administrators"
Hi everyone, I've implemented role-based security on my site. There is a page Calendar_edit.aspx which I want to give access to only Administrators. So in web.config, I've done the following:   <location path="Calendar_edit.aspx">    <system.web>      <authorization>        <allow roles="Administrators"/>        <deny users="Members"/>        <deny users="?&qu...

Error found "Access to the path "C:\Program Files\Microsoft Visual Studio .NET\Crystal Reports\Viewers" is denied. "
Hi guys! i'm trying to solve the error "Err Msg: "Object reference not set to an instance of an object" in ASP.NET app" but when i followed the instructions in the http://community.crystaldecisions.com/library/kbase/articles/c2011144.asp link, this error appeared ""Access to the path "C:\Program Files\Microsoft Visual Studio .NET\Crystal Reports\Viewers" is denied. " What's going on? i already went to the iis to add new virtual directory (CrystalReportWebFormViewer) but different error appeared when i compile and browse my application. pls help ...

URL Authorization and custom "Access Denied" pages.
I'm using roles and url authorization in my app. The problem is that when a user that has already been authenticated tries to access a page that they are not authorized to, they are kicked back to the login page as if they hadn't already authenticated. This is confusing to the user. I'd like for users that haven't been authenticated yet to go to the login page but ones that have should get a custom error page that says "Your account level doesn't give you access. Click here to upgrade". I know I could do this programatically but I would prefer to do it declaritively at the web...

"Access denied"
Hello, I'm having some strange problems on using an ajax asp.net application on my webserver (IIS 5.2 R2, possible problem?)When I call my app on this server, I receive a javascript error on any action like "line 5992 - access denied". Of course there aren't that many lines, so I guessthe problem is based on some ajax code. On my local development system everything runs fine.  Further, I cannot implement the "<trust level>" line in my web.config. If I do, I receivean asp.net error. Any clues?? Thanks in Advance [edit]After some more searching for t...

"An error occurred saving the project file"PortalVBVS.vbproj". Access is denied."
"An error occurred saving the project file"PortalVBVS.vbproj". Access is denied." I have been getting this error msg all the time, anytime I update one of the files. Has anybody seen this error besides me. It been so frusrating I built a complete new system from scratch, and I'm still recieve this msg. I believe that it may be related to one of MS service packs, but It has made my portal useless. Any help would be greatly appreciated, thanks. OS 2000pro with VS2002 aghPeter Nagy Obvious question: do you have write permissions on the Folder? Are any files Read Onl...

Mac OsX -no "page down" or "page up"
Name: Kurt Email: bruderkurt_at_yahoo.com Product: Bon Echo Summary: Mac OsX -no "page down" or "page up" Comments: Congratulations to you on Bon Echo Alpha 1! I'm using OSx for the Mac and the "page down" and "page up" buttons don't operate with Bon Echo (when wanting to scroll the page itself). They haven't operated with earlier Mac Firefox versions either, in my experience. I love Firefox, its speed and features. I'm loving the same and more with Bon Echo Alpha 1. The "page down" and "page up" wor...

Web pages should be accessed with "https" only & not with "http"....?
Hi,I'm developing a online shopping cart where I want to create all my web pages to be opened with "https" only & not with "http". How can I prevent access to my site to be opened with "http"?   Thanks Set IIS to require SSL for the pages/site.  Check www.iis.net for help on IIS. JeffPlease: Don't forget to click "Mark as Answer" on the post that helped you. That way future readers will know which post solved your issue. There are a few cases to think about.  See this blog post for more info.Darrell Norton, MVPDarrell Norton's BlogPlease mark thi...

Web resources about - How to automatically send denied users to "access denied" page, instead of a login prompt only then to be sent to "access denied" page - asp.net.security

Facebook Users Automatically Checked In To Events They RSVPed Yes To
A reader tipped us off that Facebook is automatically checking in users at events that they RSVPed they would attend. continued… New Career ...

Now Users Can Remove Contacts Automatically Saved by Facebook’s Friend Finder
Two weeks ago, many Facebook users began asking questions about curiously good recommendations suddenly appearing in Facebook’s “People You May ...

App Store - Attachments.me- Gmail inbox software to efficiently manage emails, automatically send/upload ...
Get Attachments.me- Gmail inbox software to efficiently manage emails, automatically send/upload files to cloud storage(Dropbox, Box, and G Drive), ...

Automatically organize your desktop icons into shaded areas called Fences! - YouTube
Fences® is the most popular desktop organization tool used by millions of users worldwide. Create shaded areas called "fences" to automatically ...

CSAIL fixes software bugs automatically, in any language, by copying from safer applications
A new system can repair bugs in software using smart processing that imports functionality from other programs, all without access to source ...


Emailing porn at work not automatically sackable, court finds
Australia's federal court has upheld a ruling that emailing pornography in the workplace is not automatically a sackable offence.

Shazam iPhone app now listens for music, TV shows automatically
Shazam has updated its iPhone app to tag songs, TV shows and more on its own, no longer requiring users to open the app and tap a button.

App of the day: Human for iPhone automatically tracks your movements
Human for the iPhone is an activity tracker that automatically distinguishes between different types of movement.

iPhone 5 automatically rotates using Cycloramic App. - YouTube
[NEW VIDEO] Cycloramic 2.0 update teaser vid with panoramic photo preview: http://www.youtube.com/watch?v=cjHUID07xs4 Cycloramic has been Awarded ...

Resources last updated: 1/5/2016 7:39:44 AM