Custom Error pages

[Rich]

Hi All,

I have a windows authenticated web site - a sub directory
has been secured by denying various roles. When access is
denied the default error page for 401.2 is displayed -
How can I customise my own access denied page?
I have tried custom error tags in the web.config but that
doesnt seem to work, nor does changing the IIS error page
settings.

Any ideas?

Cheers,
Rich

[Ken Schaefer]

You can attempt to customise the page (and IIS will send the customised
page - you can check using network sniffer), but it is up to the browser to
decide what to display. Most (if not all) browsers will *not* display custom
content when the HTTP status from the server is 401 - they will either
display a logon dialogue box -or- they will display an "access denied" error
message (after three, or whatever, failed attempts). This is a security
measure on the part of the browser.

What you would need to do is intercept the 401.2 HTTP status, and change it
to something else (eg 200 OK), and then you can server whatever content you
want.

Cheers
Ken

"Rich" <anonymous@discussions.microsoft.com> wrote in message
news:07d601c503c0$5959aae0$a401280a@phx.gbl...

> Hi All,
>
> I have a windows authenticated web site - a sub directory
> has been secured by denying various roles. When access is
> denied the default error page for 401.2 is displayed -
> How can I customise my own access denied page?
> I have tried custom error tags in the web.config but that
> doesnt seem to work, nor does changing the IIS error page
> settings.
>
> Any ideas?
>
> Cheers,
> Rich
>