当前位置: 文江博客话题详情

如何在 Windows 身份验证中使用自定义错误页面

发布于 2024-10-23 13:04:20 字数 843 浏览 1 评论 0原文

我正在使用 asp.net 3.5 web.config 来限制访问,效果很好。

<authentication mode="Windows">
<authorization>
    <allow users="Bill, John"/>
    <deny users="*"/>
</authorization>

未经授权(但经过身份验证)的用户将被系统错误消息阻止,其中显示:

Server Error in '/' Application
Access is denied.
Description: An error occurred while .......
Error message 401.2: Unauthorized: Logon failed due to server configuration ...

为了使消息更友好,我取消注释 customErrors 标志并在项目的根路径中创建 GenericErrorPage.htm。

<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>

然而,它就是行不通。我仍然收到系统错误消息,而不是我的自定义错误页面。

任何建议将不胜感激。

原文

I am using asp.net 3.5 web.config to limit access and it works great.

<authentication mode="Windows">
<authorization>
    <allow users="Bill, John"/>
    <deny users="*"/>
</authorization>

Unauthorized (but authenticated) users will be blocked by a system error message saying that:

Server Error in '/' Application
Access is denied.
Description: An error occurred while .......
Error message 401.2: Unauthorized: Logon failed due to server configuration ...

In order to make the message more friendly, I uncomment the customErrors flag and create a GenericErrorPage.htm in the root path of my project.

<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>

However, it just doesn't work. I still get the system error message rather than my custom error page.

Any suggestions will be appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

爱要勇敢去追 2024-10-30 13:04:20

您不会看到它 - 自定义错误页面由 ASP.NET 应用程序提供,但 Windows 身份验证由 IIS 本身提供。

现在您可以将 IIS 设置为使用不同的错误页面。对于 IIS7,这需要一个单独的配置部分

<system.webServer>
  <httpErrors errorMode="Custom" existingResponse="Auto">
    <error statusCode="403" 
           subStatusCode="-1" 
           prefixLanguageFilePath="" 
           path="C:\inetpub\wwwroot\errors\403.htm" 
           responseMode="File" />
  </httpErrors>
</system.webServer>

您需要确保应用程序池用户有权访问该路径。

You won't see it - custom error pages are served by the ASP.NET application, but Windows auth is served up by IIS itself.

Now you can set IIS to use different error pages. For IIS7 this needs a separate configuration section;

<system.webServer>
  <httpErrors errorMode="Custom" existingResponse="Auto">
    <error statusCode="403" 
           subStatusCode="-1" 
           prefixLanguageFilePath="" 
           path="C:\inetpub\wwwroot\errors\403.htm" 
           responseMode="File" />
  </httpErrors>
</system.webServer>

And you'll need to ensure the app pool user has access to that path.

回复 原文
水中月 2024-10-30 13:04:20

没有在其他场景中对此进行测试,但查看了此 中的一些建议类似问题的详细文章

另一个问题是:

由于授权要求,对错误页面的访问被阻止

解决方案是在 web.config 中使用 属性。请参阅链接以获取更详细的解释,但这里有一个片段:

<!-- in the same root web config file-->
<configuration>
    <system.web>
        <authorization>
        <allow users="Bill, John"/>
        <deny users="?" />
        </authorization>
    </system.web>

    <!-- the page specific authorization-->   
    <location path="GenericErrorPage.htm"> <!-- other ones for your other pages-->
        <system.web>
        <authorization>
        <allow users="*" />
        </authorization>
        </system.web>
    </location>

</configuration>

Not having tested this in other scenarios, but looking at some of the suggestions from this detailed article for a similar problem.

The other problem turned out to be:

the access to the error page was blocked by the authorization requirements.

The solution was to use a attribute in the web.config. refer to the link for more detailed explanation but here's a snippet:

<!-- in the same root web config file-->
<configuration>
    <system.web>
        <authorization>
        <allow users="Bill, John"/>
        <deny users="?" />
        </authorization>
    </system.web>

    <!-- the page specific authorization-->   
    <location path="GenericErrorPage.htm"> <!-- other ones for your other pages-->
        <system.web>
        <authorization>
        <allow users="*" />
        </authorization>
        </system.web>
    </location>

</configuration>
回复 原文
孤独难免 2024-10-30 13:04:20

change :

<customErrors mode="RemoteOnly" />

mode 属性可以是以下之一:

* On – error details are not shown to anybody, even local users. If you specified a custom error page it will be always used.
* Off – everyone will see error details, both local and remote users. If you specified a custom error page it will NOT be used.
* RemoteOnly – local users will see detailed error pages with a stack trace and compilation details, while remote users with be presented with a concise page notifying them that an error occurred. If a custom error page is available, it will be shown to the remote users only.

向访问者显示简洁但不太漂亮的错误页面仍然不够好,因此您需要组合一个自定义错误页面并以这种方式指定它:

<customErrors
       mode="RemoteOnly" 
       defaultRedirect="~/errors/GeneralError.aspx" 
/>

change :

<customErrors mode="RemoteOnly" />

The mode attribute can be one of the following:

* On – error details are not shown to anybody, even local users. If you specified a custom error page it will be always used.
* Off – everyone will see error details, both local and remote users. If you specified a custom error page it will NOT be used.
* RemoteOnly – local users will see detailed error pages with a stack trace and compilation details, while remote users with be presented with a concise page notifying them that an error occurred. If a custom error page is available, it will be shown to the remote users only.

Displaying a concise yet not-so-pretty error page to visitors is still not good enough, so you need to put together a custom error page and specify it this way:

<customErrors
       mode="RemoteOnly" 
       defaultRedirect="~/errors/GeneralError.aspx" 
/>
回复 原文
~没有更多了~

关于作者

情泪▽动烟

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文