windows authentication: how to catch the case a user entered a wrongpassword

Dan

hi ng,

i have a problem with windows authentificatio n.

i want to forward every user who
1. is not authorized
2. or could not be authenticated
to a login page

-------------------
The scenario is an intranet application that can be used by some defined
active directory users.

web.config is like:
<system.web>
....
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="*" />
</authorization>
</system.web>

<location path="private">
<system.web>
<authorizatio n>
<allow users="x,y,z" />
</authorization>
</system.web>
</location>

<location path="Public">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>

global.asax looks like:
protected void Application_End Request(Object sender, EventArgs e)
{ if((User.Identi ty.IsAuthentica ted)&&(Response .StatusCode ==
401))
{
Response.Redire ct("~/Public/Login.aspx");
}
}

----------------------
it is working when one of the x,y,z users enters the application with
the correct password or a domain user who is not x,y or z tries to enter
the application (with the correct password).
but it is not working when a user is not in active directory or a active
directory user enters a wrong password because in this cases, the user
could not be authenticated.
but i cannot redirect every not authenticated user, because before the
windows authentication form has been submitted, every request is not
authenticated, right?

i am getting a bit desparate, since i already have posted my problem,
with no replies.
maybe i am now able to describe the problem more clear.

thank you very much in advance for any help or suggestions

dan

Nov 19 '05 #1

Subscribe Reply

3833

Tampa .NET Koder

This is a little different for the windows authentication. You must set up
the<customError s> element in the web.config file to catch this unauthorized
message: See link below

http://msdn.microsoft.com/library/de...orssection.asp

The example showed an internal server error 500. So, you will have to add
your own element to catch for Error 403 (i think) for Forbidden. You can
look that one up
"Dan" wrote:

hi ng,

i have a problem with windows authentificatio n.

i want to forward every user who
1. is not authorized
2. or could not be authenticated
to a login page

-------------------
The scenario is an intranet application that can be used by some defined
active directory users.

web.config is like:
<system.web>
....
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="*" />
</authorization>
</system.web>

<location path="private">
<system.web>
<authorizatio n>
<allow users="x,y,z" />
</authorization>
</system.web>
</location>

<location path="Public">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>

global.asax looks like:
protected void Application_End Request(Object sender, EventArgs e)
{ if((User.Identi ty.IsAuthentica ted)&&(Response .StatusCode ==
401))
{
Response.Redire ct("~/Public/Login.aspx");
}
}

----------------------
it is working when one of the x,y,z users enters the application with
the correct password or a domain user who is not x,y or z tries to enter
the application (with the correct password).
but it is not working when a user is not in active directory or a active
directory user enters a wrong password because in this cases, the user
could not be authenticated.
but i cannot redirect every not authenticated user, because before the
windows authentication form has been submitted, every request is not
authenticated, right?

i am getting a bit desparate, since i already have posted my problem,
with no replies.
maybe i am now able to describe the problem more clear.

thank you very much in advance for any help or suggestions

dan

Nov 19 '05 #2

Dan

thanks for your help, but i have already tested <customErrors > in
web.config.
doesn't work.
maybe because the http response code is not like an error code?
dan

Tampa .NET Koder wrote:

This is a little different for the windows authentication. You must set up
the<customError s> element in the web.config file to catch this unauthorized
message: See link below

http://msdn.microsoft.com/library/de...orssection.asp

The example showed an internal server error 500. So, you will have to add
your own element to catch for Error 403 (i think) for Forbidden. You can
look that one up
"Dan" wrote:

hi ng,

i have a problem with windows authentificatio n.

i want to forward every user who
1. is not authorized
2. or could not be authenticated
to a login page

-------------------
The scenario is an intranet application that can be used by some defined
active directory users.

web.config is like:
<system.web >
....
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="*" />
</authorization>
</system.web>

<location path="private">
<system.web>
<authorizatio n>
<allow users="x,y,z" />
</authorization>
</system.web>
</location>

<location path="Public">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>

global.asax looks like:
protected void Application_End Request(Object sender, EventArgs e)
{ if((User.Identi ty.IsAuthentica ted)&&(Response .StatusCode ==
401))
{
Response.Redi rect("~/Public/Login.aspx");
}
}

----------------------
it is working when one of the x,y,z users enters the application with
the correct password or a domain user who is not x,y or z tries to enter
the application (with the correct password).
but it is not working when a user is not in active directory or a active
directory user enters a wrong password because in this cases, the user
could not be authenticated.
but i cannot redirect every not authenticated user, because before the
windows authentication form has been submitted, every request is not
authenticated , right?

i am getting a bit desparate, since i already have posted my problem,
with no replies.
maybe i am now able to describe the problem more clear.

thank you very much in advance for any help or suggestions

dan

Nov 19 '05 #3

Similar topics

2466

Basic WWW Authentication function fails

by: Phil Powell | last post by:

/*-------------------------------------------------------------------------------------------- This function will utilize the ability to use HTTP-based WWW Authentication, checking for the global authorized password against the password entered in the client project's CSV file. Will not function unless this password exists. See http://www.php.net/manual/en/features.http-auth.php for more info...

PHP

2610

Passing windows credentials from server to server.

by: Wade Wegner | last post by:

Hello, I have been desperately trying to programmatically authenticate a windows user, create their credentials, and then redirect them to a different server while passing the credentials at the same time so that they don't have to login again. Specifically, I have two webservers in the same domain. When I have a user go to Webserver A (which uses basic authentication) I programmatically create either a user credential or impersonate...

ASP.NET

4859

Windows Authentication Logout

by: Stuart Shay | last post by:

Hello All: I am using Windows Authentication in my VB/ASP.NET Intranet Web Application. How do I create a method that will release the authentication Token, so the user will no longer have access to any of the resources on the site?

ASP.NET

517

Forms Authentication

by: Manny Chohan | last post by:

I am using forms authetication in the web config. i can validate a user against a database and click on images which makes hidden panels visible.However when i click on the link inside a panel which should take user to another pages, it defaults them back to the login page prompting them to enter username and password. Could someone please shed some light on this on how i can fix this issue? Thanks Manny

ASP.NET

4047

Windows Authentication through Active Directory

by: Hriday | last post by:

Hi there, Please help me..It is urgent This is Hriday, working on windows authentication with Active Directory... My requirment is when a user sends a request to my web Applicatoin I want to Pop up windows Authentication box so that user will give his userId, Password & domain name for authenticaion. After that I want to take these three info of user and make a search in Active Directory.

Visual Basic .NET

3685

WEB Service access to Windows Service

by: Doug Bailey | last post by:

I am trying to control a Windows Service via a Web Service interface. (I am developing in .NET2003) I am using the ServiceController object which allows me to read the state of the services with no problems. However, I am not able to start or stop the service unless I go through the process of impersonating an administrative user. (See MSDN KB 306158) Since it appears to be a privilege issue, I set the folders in IIS holding the Web...

.NET Framework

1213

Catch Failed IIS Windows Authentication

by: Jared | last post by:

Hi I am developing an intranet based ASP.NET application. Due to high security on site the application needs to run accross two separate domains (only http and https ports are open). The application autenticates users via a form and security info is held in a database table. When users are on either domain they have the same windows username, but the application server is only running on one domain.

ASP.NET

2671

Possible? Authentication using Windows/Active directory, but access SQL Server using Membership class

by: Andy | last post by:

Hi, I was wondering if someone could advise on if the following is possible. I have one website that is available to the public using Forms authentication and the Membership class, it creates/stores user information in a SQL Server 2005 db. I have another website that will administer the first website, allowing admins to look at all of the users in the db and see specific info from the database.The admin site is more secure than the...

ASP.NET

1892

Windows Service Account

by: Matt Lowrance | last post by:

I'm hoping someone can give me a little guidance. I have written a simple Windows Service that goes out and scrapes a few web pages and updates some data in an access database. The service works correctly in the IDE and trying to be a good citizen I set it to run as "Local Service" when I install it. However once installed it fails silently. My log eventlog message saying the the DB was updated successfully is written, however the...

.NET Framework

8427

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8851

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8525

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8627

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7356

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

4335

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2750

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

1975

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

1737

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General