Users are not redirected to the page that contains the custom error message when you design an application that uses impersonation in ASP.NET (902239)


The information in this article applies to:

  • Microsoft ASP.NET (included with the .NET Framework 1.1)

SYMPTOMS

When you design an application that uses impersonation in Microsoft ASP.NET, users are not redirected to the page that contains the custom error message.

You implement impersonation by using the following code. 
<authentication mode="Windows" /> 
<identity impersonate="true" userName="Domain\User" password="Password"/>
This problem occurs when you use the following code in the Web.config file. 
<customErrors mode="On" >
<error statusCode="401" redirect="unauthorized.htm" />
</customErrors>

WORKAROUND

To work around this problem, redirect to the custom error page by using the following code in the Global.asax file. 
Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
' This exception is raised when an error occurs.
Dim ex As Exception = Server.GetLastError().GetBaseException()

If ex.GetType Is Type.GetType("System.UnauthorizedAccessException") Then
Server.ClearError()
Response.Redirect("unauthorized.htm")
End If
End Sub

MORE INFORMATION

Steps to reproduce the problem

  1. Create a virtual directory. Set the virtual directory to use Integrated Microsoft Windows Authentication.
  2. Create a sample .aspx file that contains server side code. Name the file Sample.aspx. Put the file in the virtual directory that you created in step 1.
  3. For all accounts except the ASPNET account, deny NTFS file system permissions on the Sample.aspx file.
  4. Create a Web.config file that uses the following code. Put the file in the virtual directory that you created in step 1. 
    <customErrors mode="On" >
<error statusCode="401" redirect="unauthorized.htm" />
</customErrors>

<authentication mode="Windows" /> 
<identity impersonate="true" userName="Domain\User" password="Password"/>
  5. Create an HTML file that contains custom text. Name the file Unauthorized.htm. Put the file in the virtual directory that you created in step 1.
  6. In a browser, view the Sample.aspx file. You are not redirected to the Unauthorized.htm file.
Modification Type:MajorLast Reviewed:6/13/2005
Keywords:kbtshoot kbprb KB902239 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.