I have simple web application called App that is secured with Windows Authentication. I have set identity impersonate to true in web.config. There is only one page (Default.aspx) in App directory. When user enters the site ex.: http://localhost/App the login window pops up. When user clicks Cancel, IIS redirects to page with an error 401.2. I want to redirect to http://localhost/App/app_start/login.aspx. App_start is an aplication that is secured with Forms Authentication. I tried to handle programmatically the redirection by adding Application_EndRequest method in Global.asax file. But when user clicks Cancel the Application_EndRequest is not being fired. When user successfully logs in the method is being fired. Is there any way to handle error 401.2 programmatically or maybe in a different way?

Application_EndRequest code:

if (Response.StatusCode == 401)



     Response.Write("You don't have access to content.");

The web.config file of App application:

<?xml version="1.0" encoding="UTF-8"?>
    <compilation debug="true" targetFramework="4.0" />
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <machineKey decryptionKey="hidden from forum" validationKey="hidden from forum" />

Thanks for help.



Member Avatar for simongh2

First off, do you need to use identity.impersonate? It's only useful for accessing resources, such as files or a DB as the logged user. It also won't work with Forms Auth.

You need to turn the problem on it's head & do some crafty IIS setup. Switch your app to forms auth and make sure IIS is set to allow anonymous access. Set your login page to require windows auth only. in the code for that page, check the servers headers. I can't remember what it's called, but it'll contain the username is the user logged in using windows Auth. Create a forms auth ticker using it & continue.

Set the url for the 401.2 error in IIS to point at your 2nd login page. Here you prompt for credentials & process them however you need, the create a forms auth ticket and away you go. You'll need to add a location section to your web.config file so that your app shows this page to unauthenticated users.

I hope that all makes sense


Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.