469,954 Members | 1,791 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,954 developers. It's quick & easy.

Authentication and custom errors

I have an intranet application that uses w2k Integrated
Windows Authentication to authenticate users. We now have
a situation where people will be accessing it who are on
our network but will not be logged into w2k - so now they
are challenged and fail the challenge.
To handle that situation I plan to use iis custom errors
with one of the 401 codes to redirect the user to a
generic page.
The problem is that I cant figure out how to exactly
simulate the problem on my local machine for development,
as by definition Im of course logged into my own computer.
Ive decided to put basic authentication on the folder
where the authentication occurs, and then fail its
challenge, use the redirect, etc. Once this works, then
hopefully I can made some minor changes and use it with
Integrated Windows.
My question is whether this will be a valid simulation:
do those 2 authentication systems work in the same manner
with custom errors? In other words, I dont want to write
a solution for basic auth that doesnt work (with minor
tweaks - for example Im not sure if the same http error is
thrown) with integrated auth.
Thanks, Mark
Jul 19 '05 #1
1 2052
Do not use basic authentication on your intranet. This will send any login
information as clear text, which can be compromised by anyone who is
authenticated. If you plan to use Basic, then consider adding SSL to the
mix. If you want to keep Windows authentication, then use the idea below.

You can setup the ability for those who are outside your domain access to
the site using Windows authentication. What I did was create a global group
on the PDC; adding those who needed access internally. Then I created a
local group on the web server adding in the Global group and the individuals
outside the domain into this local group; giving the necessary permissions.
This allowed user's in DC to login and have access to WebPages that returned
their files, which were located in Colorado.

Since my pages were ASP, I was able to code in messages to user's who tried
to access areas they were not authorized.

Hope this helps.
"Mark Aurit" <ma********@ngc.com> wrote in message
news:01****************************@phx.gbl...
I have an intranet application that uses w2k Integrated
Windows Authentication to authenticate users. We now have
a situation where people will be accessing it who are on
our network but will not be logged into w2k - so now they
are challenged and fail the challenge.
To handle that situation I plan to use iis custom errors
with one of the 401 codes to redirect the user to a
generic page.
The problem is that I cant figure out how to exactly
simulate the problem on my local machine for development,
as by definition Im of course logged into my own computer.
Ive decided to put basic authentication on the folder
where the authentication occurs, and then fail its
challenge, use the redirect, etc. Once this works, then
hopefully I can made some minor changes and use it with
Integrated Windows.
My question is whether this will be a valid simulation:
do those 2 authentication systems work in the same manner
with custom errors? In other words, I dont want to write
a solution for basic auth that doesnt work (with minor
tweaks - for example Im not sure if the same http error is
thrown) with integrated auth.
Thanks, Mark

Jul 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Winnie | last post: by
3 posts views Thread by Kris van der Mast | last post: by
11 posts views Thread by xenophon | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.