使用ASP.NET的IIS中的自定义401页 [英] Custom 401 page in IIS with ASP.NET
问题描述
我有一个面向Internet的ASP.NET网站,希望通过Windows身份验证进行保护.我将web.config文件设置为:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
然后我禁用了匿名访问并在IIS 7.5中启用了Windows身份验证.
这将导致显示有关我的Windows凭据的提示框,但是单击取消"会给我一个标准的401错误页面.我想显示一个静态HTML文件来代替此消息,但是我无法使其正常运行,并且尝试了各种设置的组合,例如:
<httpErrors errorMode="Custom" existingResponse="Replace" lockAllAttributesExcept="errorMode"> <error statusCode="401" prefixLanguageFilePath="c:\inetpub\custerr" path="MyCustom401.htm" /> </httpErrors>
和
<customErrors mode="Off" defaultRedirect="ErrorPage.aspx">
<error statusCode="401" redirect="MyCustom401.aspx" />
</customErrors>
我想发生的事情是,只要输入正确的Windows凭据,任何人都可以正常访问该网站,但是那些无效或具有详细信息的人可以查看自定义HTML页面.
有人能指出我正确的方向吗?
谢谢!
要确保的一件事是,您允许匿名用户访问包含错误文件的路径,否则他们将不会获得错误页面.例如,这是一个配置文件,如果您的错误文件位于某个目录(错误)中,则应为您提供预期的结果.首先,它禁用了所有站点的匿名访问,然后为错误"文件夹打开了它:
<configuration>
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="?" />
</authorization>
</security>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" path="/errors/unauthorized.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
<location path="errors">
<system.webServer>
<security>
<authorization>
<clear />
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</location>
</configuration>
I have an internet facing ASP.NET website which I want to secure via Windows Authentication. I set my web.config file as:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
I have then disabled Anonymous Access and enabled Windows Authentication in IIS 7.5.
This results in the prompt box being displayed for my Windows credentials, however clicking 'Cancel' gives me a standard 401 error page. I would like to display a static HTML file in place of this message, however I've not been able to get it working and I've tried a combination of various settings such as:
<httpErrors errorMode="Custom" existingResponse="Replace" lockAllAttributesExcept="errorMode"> <error statusCode="401" prefixLanguageFilePath="c:\inetpub\custerr" path="MyCustom401.htm" /> </httpErrors>
and
<customErrors mode="Off" defaultRedirect="ErrorPage.aspx">
<error statusCode="401" redirect="MyCustom401.aspx" />
</customErrors>
What I would like to happen is that anyone entering the correct Windows credentials can carry onto the website as normal, but those with invalid or details to see the custom HTML page.
Can anyone point me in the right direction?
Thanks!
One thing to make sure is that you are allowing anonymous users access to the path where the error files are included otherwise they won't get the error page. For example here is a configuration file that should give you the intended results if your error files are in a directory (errors). First it disables anonymous access for all the site, but then opens it for the "errors" folder:
<configuration>
<system.webServer>
<security>
<authorization>
<add accessType="Deny" users="?" />
</authorization>
</security>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" path="/errors/unauthorized.aspx" responseMode="ExecuteURL" />
</httpErrors>
</system.webServer>
<location path="errors">
<system.webServer>
<security>
<authorization>
<clear />
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</location>
</configuration>
这篇关于使用ASP.NET的IIS中的自定义401页的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
