Continuing from the last post on customizing 401 error page on IIS, there’s a different way to do so by using 302 Redirection.
Using this method is actually a bit more simple to do, it’s just that you have to create a second website with a landing page to serve as your error page. Not everyone has this privilege to just have a second instance created in production environment, so it’s always good to have more options.
When you need to restrict access to your web application on IIS, any unauthorized users will see the standard 401 Error Page from IIS:
401 – Unauthorized: Access is denied due to invalid credentials. You do not have permision to view this directory or page using the credentials that you supplied.
Instead of serving a default 401 Error Page, it’s always good to show a customized 401 page that is more user-friendly. Here’s a one way to do it by using a page redirect.
Steps to Use Custom 401 Error Page using 302 Redirect in IIS
Create an HTML page as our custom 401 page. In this example, it will be called ITNOTA-Custom-401.htm.
Create an instance in IIS just for this file and set this file as the main landing page (or use it as your index.htm). For this example, we’ll set this up as fwd.itnota.com with a file name of ITNota-Custom-401.htm.
Next, launch Internet Information Services (IIS) Manager and click on your site on the left pane.
Click on Error Pages.
On the next screen, you will see a list of default error pages according to its Status Code. In this example, we want to select 401.
On the Edit Custom Error Page window, click on the Respond with a 302 redirect radio button and type in the URL of the second website where your custom 401 page resides, including the file name, then click OK.
That’s all there is to it.
As a test, we can try to load the page and this is also where using 302 redirect is different than using a static page within the same instance. If using Windows Authentication, you will not see the Windows Security screen to enter your NTID and password. It does the authentication in the background and if you’re not authorized, you will right away be redirected to the second web page that hosts the 401 custom page.
Yes, it’s almost like an anti-climax to see a plain custom 401 error page being displayed. I hope you can come up with a much better design than my example to make all the effort worthwhile.
This setting for a custom 401 using 302 redirect works for both ASP.NET and Classic ASP.