I'm trying to implement Peter Bromberg's Digest authentication .dll (http://www.eggheadcafe.com/articles/20030701.asp); and have it working quite well. One thing I've noticed though that I can't figure out. If a user cancels the request, they receive a .NET 401 application error page - not the Response.Write "Access Denied". I've tried every way I can think of to customize that page - customErrors in web.config, capturing the HttpApplication.Error event, configuring the IIS default error page, etc, but nothing seems to work. Any ideas on how I can get rid of this ugly default error page? Interesting to note, it only occurs the first time. Once the user clicks the OK button (to attempt authentication and gets rejected) and then clicks the "Cancel" button, the customized error page appears.
My feeling is that when the Digest authentication prompt appears, nothing is fired through the web application yet. It thinks you're not allowed in yet. When you click the "OK" button from the authentication prompt, it instantiates the OnAuthenticateRequest method. If you click Cancel on a second attempt, I think it disposes of the AuthenticationRequest object and behaves properly. But if you click Cancel the first time, OnAuthenticateRequest has yet to be called, so it just spits out an error.
If anyone knows how to get around this problem I'd really appreciate the help.
Thanks.
=================================== This list is hosted by DevelopMentor� http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
