tags:

views:

78

answers:

3
+1  Q: 

Why is IIS 7 showing me a default 403 page?

I have setup an asp.net 4.0 site where if someone tries to access an authorized area they get redirected to a SignIn page and the status is set to 403.

On my local machine it redirects to the SignIn page with the 403 status. On IIS 7 I get a nasty 403 Forbidden page instead of the SignIn page.

How can I get it to work on IIS 7 like it does on my Local?

A: 

I would check to make sure the authentication settings in your web.config file are the same in both environments.

EDIT

You might also be running into a problem with the anonymous authentication identity. I've run into this issue myself when first moving a site to IIS7. MSDN has a page the runs through your possible options.

Matt Peterson  2010-08-04 21:30:05
+1  A: 

By "nasty" it sounds like you mean that IIS is throwing up its default 403 err message page. You could set the custom 403 error in IIS to redirect the user to your friendly signin page.

Not sure that's the best design, necessarily, but it probably would solve your problem based on how you've explained it...

LesterDove  2010-08-04 21:31:11
I had to give it to the other guy due to the code, but I bumped it up.
chobo  2010-08-06 20:17:32
+2  A: 

IIS has default pages for all the HTTP error codes. You can override these in IIS to redirect to your own page.

IIS also recognizes the ASP.NET tag in the web.config file and uses that first if it's available, so you will need to setup your custom errors tags as follows:

<customErrors defaultRedirect="defaultError.aspx" mode="On">
   <error statusCode="403" redirect="my403page.aspx"/>
</customErrors>

Hope this is what you're after. You can also use forms authentication in ASP.NET to achieve this, it uses cookies but works quite well with the scenario you described, unless you specifically need them to be redirected to a 403 page.

husainnz  2010-08-04 22:04:40
You mention forms authentication. Is there somewhere in the forms tag in the web.config I can set this? I just need to handle a redirect if authentication fails. For other 403 errors it can go to the default page.
chobo  2010-08-05 19:16:30
Sorry for the delay in response - forms authentication is a built in authentication mechanism in ASP.NET. You can set it through the <authentication> tag in your web.config. More info here: http://msdn.microsoft.com/en-us/library/ff647070.aspx
husainnz  2010-08-06 12:30:32
I kind of set this up weird, so this answer works. Thanks
chobo  2010-08-06 20:16:44

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps