Created
August 14, 2013 19:32
-
-
Save steve-jansen/6234700 to your computer and use it in GitHub Desktop.
Preventing IIS Integrated Windows Authentication from prompting authenticated users for a new username/password when permission to a URL is denied.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Script language="C#" runat="server"> | |
| void Application_EndRequest() { | |
| // rewrite HTTP 401s to HTTP 403s if the user is authenticated using | |
| // integrated Windows auth with impersonation, but, | |
| // the user lacks permissions to the requested URL | |
| if (Context.User != null && | |
| Context.User.Identity != null && | |
| Context.User.Identity.IsAuthenticated && | |
| Context.User is System.Security.Principal.WindowsPrincipal && | |
| Context.Response.StatusCode == 401) | |
| { | |
| Context.Response.Clear(); | |
| Context.Response.StatusCode = 403; | |
| } | |
| } | |
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <security> | |
| <authorization> | |
| <remove users="*" roles="" verbs="" /> | |
| <add accessType="Allow" roles="Domain Users" /> | |
| </authorization> | |
| </security> | |
| <modules runAllManagedModulesForAllRequests="true" /> | |
| </system.webServer> | |
| </configuration> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment