我使用asp.net 3.5 web.config中限制访问权限，它的伟大工程。

I am using asp.net 3.5 web.config to limit access and it works great.

<authentication mode="Windows">
<authorization>
    <allow users="Bill, John"/>
    <deny users="*"/>
</authorization>

未经授权（但身份验证）的用户会被阻止通过一个系统错误消息说：

Unauthorized (but authenticated) users will be blocked by a system error message saying that:

Server Error in '/' Application
Access is denied.
Description: An error occurred while .......
Error message 401.2: Unauthorized: Logon failed due to server configuration ...

为了使消息更友好，我取消了的customErrors标记，在我的项目的根路径创建GenericErrorPage.htm。

In order to make the message more friendly, I uncomment the customErrors flag and create a GenericErrorPage.htm in the root path of my project.

<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
    <error statusCode="403" redirect="NoAccess.htm" />
    <error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>

然而，它只是不工作。我仍然得到了系统错误消息，而不是我的自定义错误页。

However, it just doesn't work. I still get the system error message rather than my custom error page.

任何建议将AP preciated。

Any suggestions will be appreciated.

推荐答案

您不会看到它 - 自定义错误页由ASP.NET应用程序服务，但Windows身份验证服务是由IIS本身

You won't see it - custom error pages are served by the ASP.NET application, but Windows auth is served up by IIS itself.

现在，您可以设置IIS以使用不同的错误页面。对于IIS7这需要一个单独的配置部分;

Now you can set IIS to use different error pages. For IIS7 this needs a separate configuration section;

<system.webServer>
  <httpErrors errorMode="Custom" existingResponse="Auto">
    <error statusCode="403" 
           subStatusCode="-1" 
           prefixLanguageFilePath="" 
           path="C:\inetpub\wwwroot\errors\403.htm" 
           responseMode="File" />
  </httpErrors>
</system.webServer>

你还需要确保应用程序池用户有权访问该路径。

And you'll need to ensure the app pool user has access to that path.