Any way to display a "bad password entered" message at https logon

Our management want's us to be able to display a message when users attempt
to logon to one of our secure sites. Now if a user enters an incorrect
password. the logon window just flashes and clears out any username and
password that was entered. Short of writing custom code, is there any way
withing IIS to display some sort of user feedback?
--
Sandy Wood
Orange County District Attorney

Re: Any way to display a "bad password entered" message at https logon

What sort of authentication are you attempting to do?

If it's forms based auth (e.g. user enters credentials into a HTML form),
then IIS has no knowledge of whether the user is authenticated or not (it's
just displayed HTML pages). You need to write some code to display
appropraite HTML.

If it's HTTP based authN (e.g. the browser pops up a dialogue box asking the
user to enter credentials), then this isn't controlled by IIS either. IIS is
just sending a HTTP 401 status to the browser, and it's the browser that
then chooses to display the credentials dialogue box (or not). The only way
here would be to change what IIS does (i.e. not send back a 401
Unauthorized, but a 200 OK instead, with your custom message)

Cheers
Ken
--
My IIS blog: http://adopenstatic.com/blog


"Sandy Wood" wrote in message
news:5444DC16-55C7-41EF-BE67-B9E58D15A1CE@microsoft.com...
> Our management want's us to be able to display a message when users
> attempt
> to logon to one of our secure sites. Now if a user enters an incorrect
> password. the logon window just flashes and clears out any username and
> password that was entered. Short of writing custom code, is there any way
> withing IIS to display some sort of user feedback?
> --
> Sandy Wood
> Orange County District Attorney

Re: Any way to display a "bad password entered" message at https l

We're doing HTTP based auth, NT Authentication. Looks like we'll need to
write some custom code in any case.
--
Sandy Wood
Orange County District Attorney


"Ken Schaefer" wrote:

> What sort of authentication are you attempting to do?
>
> If it's forms based auth (e.g. user enters credentials into a HTML form),
> then IIS has no knowledge of whether the user is authenticated or not (it's
> just displayed HTML pages). You need to write some code to display
> appropraite HTML.
>
> If it's HTTP based authN (e.g. the browser pops up a dialogue box asking the
> user to enter credentials), then this isn't controlled by IIS either. IIS is
> just sending a HTTP 401 status to the browser, and it's the browser that
> then chooses to display the credentials dialogue box (or not). The only way
> here would be to change what IIS does (i.e. not send back a 401
> Unauthorized, but a 200 OK instead, with your custom message)
>
> Cheers
> Ken
> --
> My IIS blog: http://adopenstatic.com/blog
>
>
> "Sandy Wood" wrote in message
> news:5444DC16-55C7-41EF-BE67-B9E58D15A1CE@microsoft.com...
> > Our management want's us to be able to display a message when users
> > attempt
> > to logon to one of our secure sites. Now if a user enters an incorrect
> > password. the logon window just flashes and clears out any username and
> > password that was entered. Short of writing custom code, is there any way
> > withing IIS to display some sort of user feedback?
> > --
> > Sandy Wood
> > Orange County District Attorney
>
>

Re: Any way to display a "bad password entered" message at https l

Well remember that, ultimately, it is up to the browser to decide what to
display. If you are sending back a 401 HTTP status, then the browser will
(most likely) just popup the dialogue again.

You'd need to change the HTTP status (e.g. via an ISAPI filter, or module if
you are using IIS 7) so as to have the browser display your message.

You then have the issue of how do you get the server to send another 401
later so that the user can attempt to authenticate again :-)

Cheers
Ken

"Sandy Wood" wrote in message
news:ADA7CBBF-243A-4FEA-90A5-B10E84EB1DE7@microsoft.com...
> We're doing HTTP based auth, NT Authentication. Looks like we'll need to
> write some custom code in any case.
> --
> Sandy Wood
> Orange County District Attorney
>
>
> "Ken Schaefer" wrote:
>
>> What sort of authentication are you attempting to do?
>>
>> If it's forms based auth (e.g. user enters credentials into a HTML form),
>> then IIS has no knowledge of whether the user is authenticated or not
>> (it's
>> just displayed HTML pages). You need to write some code to display
>> appropraite HTML.
>>
>> If it's HTTP based authN (e.g. the browser pops up a dialogue box asking
>> the
>> user to enter credentials), then this isn't controlled by IIS either. IIS
>> is
>> just sending a HTTP 401 status to the browser, and it's the browser that
>> then chooses to display the credentials dialogue box (or not). The only
>> way
>> here would be to change what IIS does (i.e. not send back a 401
>> Unauthorized, but a 200 OK instead, with your custom message)
>>
>> Cheers
>> Ken
>> --
>> My IIS blog: http://adopenstatic.com/blog
>>
>>
>> "Sandy Wood" wrote in message
>> news:5444DC16-55C7-41EF-BE67-B9E58D15A1CE@microsoft.com...
>> > Our management want's us to be able to display a message when users
>> > attempt
>> > to logon to one of our secure sites. Now if a user enters an incorrect
>> > password. the logon window just flashes and clears out any username and
>> > password that was entered. Short of writing custom code, is there any
>> > way
>> > withing IIS to display some sort of user feedback?
>> > --
>> > Sandy Wood
>> > Orange County District Attorney
>>
>>