I’ve found a few pages concerning this on Google and on here but none have seemed to have fixed the issue that I’m seeing. I’m using IIS 7.5. The website uses windows authentication and to access any of the site the user must be logged in (occurs automatically when the first page is loaded). If the user does not have access to the site then they should get a 401 or a 403, I’m trying to create a simple htm custom error page for this. The error page is in an Errors folder which has anonymous authentication set up on it.
If I try to load the site and force failed authentication then I just get the standard Server Error page with a HTTP Error 401, it doesn’t look like it’s trying to load the error page. If I try to load the error page itself then that works fine.
There are no authorisation bits, if a user is logged on then have access to the whole site and if the user can’t authenticate then they have access only to the error page. I’ve added the following section to my web.config:
<customErrors mode="On" defaultRedirect="~/Errors/AuthenticationError.htm">
<error statusCode="401" redirect="~/Errors/AuthenticationError.htm" />
<error statusCode="403" redirect="~/Errors/AuthenticationError.htm" />
</customErrors>
Any help would be very much appreciated!
OK I’ve managed to crack this, IIS 7.5 seems to happily ignore customErrors so httpErrors has to be used in the system.webServer section. You also seem to have to declare errorMode=”Custom”. My resulting code block is:
I have a feeling that this sets the entire site to use non-detailed error pages even on pages that aren’t included in the section. There is an option to show custom errors remotely and detailed errors locally so that may be a possible work-around.
This webpage is the best one that I found that highlighted all this.