Intranet Security

Intranet Security

am 17.05.2007 17:14:02 von Spechty

I have a test intranet site set up. I have IIS set for Integrated Security.
IIS server is in a domain. and only domain PCs will access the intranet.
the URL is http:\\Intranet.

I have NTFS settings on the folders for the site. I have several folders
that only specific users/groups who will only be allowed access. In my
testing I use a user who does not have access to these pages. And I get
prompted for credentials. I would like to redirect the user to a denied page
instead of credentials. how could I accomplish this?

Thanks

Re: Intranet Security

am 20.05.2007 06:39:39 von Ken Schaefer

You need to write some code so that a 401 (Unauthorized) is not sent to the
browser.

In the current situation, IIS is detecting that the user doesn't have
permissions to the page, and is sending a HTTP 401 response back. It is then
up to the browser to decide what to do. By default a browser will put up a
credentials dialogue allowing the user to supply alternate credentials that
might be acceptable (which is useful in case the user ever made a typo in
their password, or they need to use alternate credentials).

In your case, you need to override this 401 response, and send back
something else (e.g. 200 OK) and the HTML content you want to display.

You can certainly customise the 401 error page itself, but it is up to the
browser to decide whether to display this or not. By default, most browsers
will allow the user 3 goes at the password before they will display your
custom 401 page.

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken


"Spechty" wrote in message
news:CF680942-0D75-440E-8104-6934386DDC80@microsoft.com...
>I have a test intranet site set up. I have IIS set for Integrated
>Security.
> IIS server is in a domain. and only domain PCs will access the intranet.
> the URL is http:\\Intranet.
>
> I have NTFS settings on the folders for the site. I have several folders
> that only specific users/groups who will only be allowed access. In my
> testing I use a user who does not have access to these pages. And I get
> prompted for credentials. I would like to redirect the user to a denied
> page
> instead of credentials. how could I accomplish this?
>
> Thanks