Custom Error Page Using Digest Authentication

W

Wayne Carlaw

I'm trying to implement Peter Bromberg's Digest authentication .dll
(http://www.eggheadcafe.com/articles/20030701.asp); and have it working
quite well. One thing I've noticed though that I can't figure out. If a
user cancels the request, they receive a .NET 401 application error page -
not the Response.Write "Access Denied". I've tried every way I can think of
to customize that page - customErrors in web.config, capturing the
HttpApplication.Error event, configuring the IIS default error page, etc,
but nothing seems to work. Any ideas on how I can get rid of this ugly
default error page? Interesting to note, it only occurs the first time.
Once the user clicks the OK button (to attempt authentication and gets
rejected) and then clicks the "Cancel" button, the customized error page
appears.

My feeling is that when the Digest authentication prompt appears, nothing is
fired through the web application yet. It thinks you're not allowed in yet.
When you click the "OK" button from the authentication prompt, it
instantiates the OnAuthenticateRequest method. If you click Cancel on a
second attempt, I think it disposes of the AuthenticationRequest object and
behaves properly. But if you click Cancel the first time,
OnAuthenticateRequest has yet to be called, so it just spits out an error.

If anyone knows how to get around this problem I'd really appreciate the
help.

Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,228
Members
46,817
Latest member
AdalbertoT

Latest Threads

Top