|
Home > Archive > IIS Server Security > December 2004 > Locked User Accounts On IIS 5.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Locked User Accounts On IIS 5.0
|
|
| wallywombat 2004-12-21, 5:56 pm |
| Is there a way I can customize an http error message so that if the
users account is locked out that it displays a message stating that the
account is locked out rather than the normal access denied message
(401).
Chad
| |
| Scilabop 2004-12-21, 5:56 pm |
| Hi Chad,
I am working on this too. But I haven't got a clue. You might want to read
my posting of "identify disabled users and bad passwards" on Dec. 17. Hope
to share any information we get.
Thanks.
Ally
"wallywombat" <wallywombat@gmail.com> wrote in message
news:1103649832.016501.232700@c13g2000cwb.googlegroups.com...
> Is there a way I can customize an http error message so that if the
> users account is locked out that it displays a message stating that the
> account is locked out rather than the normal access denied message
> (401).
>
> Chad
>
| |
| Bernard 2004-12-22, 2:47 am |
| Unless you are doing your own authentication check, and OS replied you with
the correct status. AFAIK, you can't achieve this with built IIS
authentication and log file status code.
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Scilabop" <scilabop@Xuvic.ca> wrote in message
news:eY8KD165EHA.1408@TK2MSFTNGP10.phx.gbl...
> Hi Chad,
>
> I am working on this too. But I haven't got a clue. You might want to read
> my posting of "identify disabled users and bad passwards" on Dec. 17. Hope
> to share any information we get.
>
> Thanks.
>
> Ally
>
>
> "wallywombat" <wallywombat@gmail.com> wrote in message
> news:1103649832.016501.232700@c13g2000cwb.googlegroups.com...
>
>
| |
| Ken Schaefer 2004-12-22, 2:47 am |
| Generally, no.
You can create a customised 401 error page BUT it is up to the browser to
decide what to display to the user. For 401 error, IE always displays the
Access Denied message that you see - you can't customise that.
What you'd need to do is see what the HTTP status is (eg in ISAPI filter, or
ASP.NET HTTP Module) and /change/ the status to something else (eg 200 OK),
and then the browser can be tricked into displaying your custom page.
I could be wrong about the above, but I'm reasonably certain that it is
correct.
Cheers
Ken
"wallywombat" <wallywombat@gmail.com> wrote in message
news:1103649832.016501.232700@c13g2000cwb.googlegroups.com...
> Is there a way I can customize an http error message so that if the
> users account is locked out that it displays a message stating that the
> account is locked out rather than the normal access denied message
> (401).
>
> Chad
>
| |
| Scilabop 2004-12-22, 5:54 pm |
| Having my own authentication check would involve other security issues. I
think I'd take advantage of the built IIS one.
I now have an idea in my mind. When an authentication fails, the HTTP 401
error triggers a script, which queries the security event log with a WMI
object, and identifies the failure reason with the EventCode, for an
example, 531 for disabled account.
I haven't figured out how the vbscript codewould look like. The first
problem I encountered here is mapping the HTTP 401 error to an URL. What
Bernard replied on my posting on Dec.17 seems to be right. I just can't do
the URL mapping. Annoying...
Ally
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:eFIePy95EHA.3736@TK2MSFTNGP10.phx.gbl...
> Unless you are doing your own authentication check, and OS replied you
with
> the correct status. AFAIK, you can't achieve this with built IIS
> authentication and log file status code.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Scilabop" <scilabop@Xuvic.ca> wrote in message
> news:eY8KD165EHA.1408@TK2MSFTNGP10.phx.gbl...
read[vbcol=seagreen]
Hope[vbcol=seagreen]
>
>
| |
| Bernard 2004-12-23, 2:47 am |
| :-) that's IIS
--
Regards,
Bernard Cheah
http://www.tryiis.com/
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Scilabop" <scilabop@Xuvic.ca> wrote in message
news:elGOG8E6EHA.4028@TK2MSFTNGP15.phx.gbl...
> Having my own authentication check would involve other security issues. I
> think I'd take advantage of the built IIS one.
> I now have an idea in my mind. When an authentication fails, the HTTP 401
> error triggers a script, which queries the security event log with a WMI
> object, and identifies the failure reason with the EventCode, for an
> example, 531 for disabled account.
> I haven't figured out how the vbscript codewould look like. The first
> problem I encountered here is mapping the HTTP 401 error to an URL. What
> Bernard replied on my posting on Dec.17 seems to be right. I just can't do
> the URL mapping. Annoying...
>
> Ally
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:eFIePy95EHA.3736@TK2MSFTNGP10.phx.gbl...
> with
> read
> Hope
>
>
|
|
|
|
|