asp.net windows authentication

On Oct 2, 7:58*pm, "DK" <bushido...@hotmail.comwrote:

There's another app on another server in our domain that is set up the exact
same way (as far as I can tell) and you go directly to the Access Denied

For the same user? Check if user has no stored password for that site
in Control Panel - User Accounts. If there's nothing, check IE
settings, under Security, "Prompt for logon" or similar. If "Access
Denied" page is a custom page, check if non-authorized users have
access to it.

Hello DK,

And check Truster site either, becase as Alexey noted your site can be in
one of those group with the "automatic logon" settings

---
WBR,
Michael Nemtsev [Microsoft MVP] :: blog: http://spaces.live.com/laflour
:: http://twitter.com/laflour

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
DI have an intranet application I've built using asp.net 3.5 / running
Don IIS6.
D>
DThe problem: when a user trys to access a page that they do not have
Daccess to, they are given the annoying windows authentication popup,
Dwhich is useless because they are denied in the web.config file.
DAfter 3 tries or hitting cancel, they are then directed to the Access
DDenied page.
D>
DHow can I get rid of that popup ???
D>
DIn my main web.config I have this:
D<authentication mode="Windows"/>
D<authorization>
D<deny users="?"/>
D</authorization>
Dother web.configs would look like this:
D<system.web>
D<authorization>
D<allow roles="MyDomain\AllowedRoles"/>
D<deny users="*"/>
D</authorization>
DIn IIS6 under Directory Security Authentication Methods everything
Dis cleared except Integrated Windows Authentication.
D>
DThere's another app on another server in our domain that is set up
Dthe exact same way (as far as I can tell) and you go directly to the
DAccess Denied page. There must be something stupid that I'm missing.
D>
DIt's not the end of the world but I'd like to solve this.....Thanks.
D>

this is normal. if the browser requests a resource and get a 401 (access
denied), the browser asks a new login. you could write a handler that
checked for the 401 and if the user had sent a valid login, redirect to
an access denied page instead of responding with a 401.

-- bruce (sqlwork.com)
DK wrote:

I have an intranet application I've built using asp.net 3.5 / running on
IIS6.

The problem: when a user trys to access a page that they do not have
access to, they are given the annoying windows authentication popup,
which is useless because they are denied in the web.config file. After 3
tries or hitting cancel, they are then directed to the Access Denied page.

How can I get rid of that popup ???

In my main web.config I have this:
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>

other web.configs would look like this:
<system.web>
<authorization>
<allow roles="MyDomain\AllowedRoles"/>
<deny users="*"/>
</authorization>

In IIS6 under Directory Security Authentication Methods everything is
cleared except Integrated Windows Authentication.

There's another app on another server in our domain that is set up the
exact same way (as far as I can tell) and you go directly to the Access
Denied page. There must be something stupid that I'm missing.

It's not the end of the world but I'd like to solve this.....Thanks.