I have been trying this from last two days. I am not getting whats the problem. I searched the web but didn't find any solution. i tried all the settings of IIS like "Moving negotiate down, disable other authentication" but doesn't work. SO here is my problem: I have a intranet web application in ASP.NET which is using username and passwords stored in Active Directory. I have five different pages in my application. All the pages are stored in a separate folders with their web.config files. These web.config files have names of the users which are allowed to view that page like this.
<authorization>
<allow users="Domainname\username"/>
</authorization>
I want to redirect those users who are not in the above list to other error page with appropriate message. I used this
protected void Application_EndRequest(object sender, EventArgs e) {
if (HttpContext.Current.Response.Status.StartsWith("401"))
{
HttpContext.Current.Response.ClearContent();
Response.Redirect("~/myerrorpage.aspx?myerrormsg=you are not allowed");
}
This is working in Localhost but when I am putting my application in IIS because of this all authorize users(those who are in list) are also redirecting to the error message page.
When I remove it from IIS, it is working, but I am not able to redirect unauthorized users to error message page. I have also tried with Error pages settings of IIS but having the same problem.
Please suggest me what should I do? Is there is any other way to do it?
If you are using Windows authentication then you should keep this in mind- If you are manually enabling windows authentication in IIS the please do not include the code below in your web.config
if you use this, it will cause the same problem as I stated above in my question.