Authentication and custom errors

[Mark Aurit]

I have an intranet application that uses w2k Integrated
Windows Authentication to authenticate users. We now have
a situation where people will be accessing it who are on
our network but will not be logged into w2k - so now they
are challenged and fail the challenge.
To handle that situation I plan to use iis custom errors
with one of the 401 codes to redirect the user to a
generic page.
The problem is that I cant figure out how to exactly
simulate the problem on my local machine for development,
as by definition Im of course logged into my own computer.
Ive decided to put basic authentication on the folder
where the authentication occurs, and then fail its
challenge, use the redirect, etc. Once this works, then
hopefully I can made some minor changes and use it with
Integrated Windows.
My question is whether this will be a valid simulation:
do those 2 authentication systems work in the same manner
with custom errors? In other words, I dont want to write
a solution for basic auth that doesnt work (with minor
tweaks - for example Im not sure if the same http error is
thrown) with integrated auth.
Thanks, Mark

[GVaught]

Do not use basic authentication on your intranet. This will send any login
information as clear text, which can be compromised by anyone who is
authenticated. If you plan to use Basic, then consider adding SSL to the
mix. If you want to keep Windows authentication, then use the idea below.

You can setup the ability for those who are outside your domain access to
the site using Windows authentication. What I did was create a global group
on the PDC; adding those who needed access internally. Then I created a
local group on the web server adding in the Global group and the individuals
outside the domain into this local group; giving the necessary permissions.
This allowed user's in DC to login and have access to WebPages that returned
their files, which were located in Colorado.

Since my pages were ASP, I was able to code in messages to user's who tried
to access areas they were not authorized.

Hope this helps.


"Mark Aurit" <mark.aurit@ngc.com> wrote in message
news:017101c3788c$0b8f6f90$a401280a@phx.gbl...

> I have an intranet application that uses w2k Integrated
> Windows Authentication to authenticate users. We now have
> a situation where people will be accessing it who are on
> our network but will not be logged into w2k - so now they
> are challenged and fail the challenge.
> To handle that situation I plan to use iis custom errors
> with one of the 401 codes to redirect the user to a
> generic page.
> The problem is that I cant figure out how to exactly
> simulate the problem on my local machine for development,
> as by definition Im of course logged into my own computer.
> Ive decided to put basic authentication on the folder
> where the authentication occurs, and then fail its
> challenge, use the redirect, etc. Once this works, then
> hopefully I can made some minor changes and use it with
> Integrated Windows.
> My question is whether this will be a valid simulation:
> do those 2 authentication systems work in the same manner
> with custom errors? In other words, I dont want to write
> a solution for basic auth that doesnt work (with minor
> tweaks - for example Im not sure if the same http error is
> thrown) with integrated auth.
> Thanks, Mark