How to customise 401 Authorization Required

Forum Moderators: open

Message Too Old, No Replies

How to customise 401 Authorization Required

galahad2

1:27 pm on May 20, 2010 (gmt 0)

Hi,

We're running a Microsoft 2000 Server Standard server, with IIS5. Our intranet is set up and people can log in externally fine, with three attempts to log in before they get the "401 Authorization Required" error page.

The problem is this page. I really need to find a way of editing the content, particularly as in the footer it gives details of the hostname/IP of the server, plus other info.

So I went into IIS and the Custom Errors tab, but although there are various 401.x errors in there, none of them are just 401 with default text "Authorization Required". It seems as if the custom error isn't even in IIS, although it must be.

I tried changing the various other 401.x error codes from this tab, by pointing them to a 401.htm file, but this din't work.

Does anyone know how I can edit this page please as it's really urgent?

Thanks!

dstiles

7:47 pm on May 20, 2010 (gmt 0)

In some cases I think browsers can ignore returned text and substitute their own. Could that be it? Try another browser.

I run custom 404 pages on IIS5 and IIS6 with no KNOWN problems, although there are interceptors such as Bare Fruit that ignore such pages and serve up adverts.

galahad2

9:59 am on May 21, 2010 (gmt 0)

Tried Firefox, Opera and Chrome and all give the same error.

Someone on another forum mentioned using .htaccess but surely that would be for Apache webserver.

dstiles

10:33 pm on May 21, 2010 (gmt 0)

Forms of htaccess are available for IIS but you have to buy it for older IIS versions. The latest IIS has it incorporated. I doubt it would help but I'm not certain.

The correct place to change the error handler is in the IIS Manager, as you originally noted. As long as you have the error handler selected to FILE and you put in a proper ASP or HTML page somewhere on a proper web site and set the FILE URL to point to it that should work. Obviously you have to decide whether to set ALL sites to use the new handlers or select them on an individual site basis.

You're correct that there is no simple 401 error handler, of course and in view of that I would not expect such an error to ever be issued. There is no reason why you can't set all the 401 versions to point to a common file, though, possibly re-issuing the appropriate error code/message from there.

galahad2

10:24 am on May 24, 2010 (gmt 0)

Hmm, I tried pointing all the various error codes listed inside IIS (401.1, 401.2 etc.) to a 401.htm which I placed in the wwwroot folder, but the "Authorizatrion Required" error keeps coming up as before- and it's bizarre how this specific error page doesn't seem to be listed in the Custom Errors tab in IIS- which would explain why I can't edit the custom error!

Changing the other 401.x errors to point to 401.htm hasn't done a thing, unfortunately. So I have no idea where to go from here...

dstiles

9:15 pm on May 24, 2010 (gmt 0)

At this point, assuming I hadn't already done so, I would do an extensive online search for info starting at microsoft. :)

Mind you, I almost never find anything by searching on the MS site: I always have to go to google or similar. Which then directs me to a dead MS page... :(

I wonder if 401 is controlled directly by the login service itself, although there is nothing to suggest it in the Directory Security tab.