Blank 401 Unauthorized page when authentication fails
https://sharepoint.stackexchange.com//questions/20251
-
29-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a MOSS 2007 webapp with 3 sites:
- Root web with anonymous access enabled
- Subsite with anonymous access enabled
- Subsite with anonymous access disabled
When attempting to open site #3 while not logged in the user is prompted to enter their credentials. However, when those credentials are entered incorrectly 3 times, the prompts stop and the user is taken to a blank page. This page contains nothing, but inspecting IIS logs and using Fiddler 2 confirm that the server is returning 401 Unauthorized.
My question is: Why is a blank page being displayed instead of the standard "access denied" page? How can I either customize this blank page to something else, or get SharePoint to return the standard "access denied" page?
Solution
I imagine the reason is because SharePoint deals with authorisation, not authentication. You won't get SharePoint's access denied page as that is presented in cases where the users is authenticated but not allowed to see the requested resource (i.e. not authorised).
As for a resolution, I imagine you would need to modify the Web app web.config file. This blog contains details on how to do with although I'm not certain that this is the recommended approach.
An alternative (more elegant) solution would be to publish your SharePoint site with a reverse proxy server such as ForeFront TMG. This allows you to present a branded logon form with a custom error message if authentication fails.
