Custom 401 page in IIS with ASP.NET

问题

I have an internet facing ASP.NET website which I want to secure via Windows Authentication. I set my web.config file as:

<system.web>
 <authentication mode="Windows" />
 <authorization>
    <allow users="*"/>
    <deny users="?"/>        
 </authorization>

I have then disabled Anonymous Access and enabled Windows Authentication in IIS 7.5.

This results in the prompt box being displayed for my Windows credentials, however clicking 'Cancel' gives me a standard 401 error page. I would like to display a static HTML file in place of this message, however I've not been able to get it working and I've tried a combination of various settings such as:

<httpErrors errorMode="Custom" existingResponse="Replace" lockAllAttributesExcept="errorMode"> <error statusCode="401" prefixLanguageFilePath="c:\inetpub\custerr" path="MyCustom401.htm" /> </httpErrors>

and

<customErrors mode="Off" defaultRedirect="ErrorPage.aspx">
    <error statusCode="401" redirect="MyCustom401.aspx" />
</customErrors>

What I would like to happen is that anyone entering the correct Windows credentials can carry onto the website as normal, but those with invalid or details to see the custom HTML page.

Can anyone point me in the right direction?

Thanks!

回答1:

One thing to make sure is that you are allowing anonymous users access to the path where the error files are included otherwise they won't get the error page. For example here is a configuration file that should give you the intended results if your error files are in a directory (errors). First it disables anonymous access for all the site, but then opens it for the "errors" folder:

<configuration>
    <system.webServer>
        <security>
            <authorization>
                <add accessType="Deny" users="?" />
            </authorization>
        </security>
        <httpErrors errorMode="Custom">
            <error statusCode="401" subStatusCode="2" path="/errors/unauthorized.aspx" responseMode="ExecuteURL" />
        </httpErrors>
    </system.webServer>

    <location path="errors">
        <system.webServer>
            <security>
                <authorization>
                    <clear />
                    <add accessType="Allow" users="*" />
                </authorization>
            </security>
        </system.webServer>
    </location>
</configuration>

来源：https://stackoverflow.com/questions/32468174/custom-401-page-in-iis-with-asp-net