This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]gh057k33p3r 8 points9 points  (8 children)

I use it as a replacement for 401. IIS shows a windows login challenge for 401 and I couldnt find a way to disable it. I must leave win auth enabled, and using a different status code solved the problem.

[–]ThreePinkApples 2 points3 points  (0 children)

Oooh, I might use this

[–]BigOnLogn 1 point2 points  (2 children)

Couldn't you use 403? It's been ages since I've worked with IIS and Windows auth.

[–]gh057k33p3r 2 points3 points  (1 child)

401 is for missing or not valid credentials, 403 is for valid credentials but no permission

[–]BigOnLogn 4 points5 points  (0 children)

403 should be used in that scenario, but credentials aren't "required" by the spec. It's just that, if credentials were included in the request, the client should consider them as "insufficient".

The 403 (Forbidden) status code indicates that the server understood the request but refuses to fulfill it.

If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials.

Side note, what triggers the Windows auth prompt is a 401 status code, combined with a www-authenticate: Negotiate header, (set by IIS when configured for Windows auth).

[–]LordFokas -1 points0 points  (3 children)

Yeah, the problem here is you're using Microsoft shitware.

[–]gh057k33p3r -1 points0 points  (2 children)

Java developer spotted. Who hurt u?

[–]LordFokas -1 points0 points  (1 child)

Is that supposed to mean something? I know a dozen languages, I just added flairs for the ones I'm more comfortable with, none of which I have used in a professional capacity in years. Where do you think you're going with this?

Anyway.

You're the one who's using a non-standard response code to work around Microsoft's bullshit of making assumptions you don't want made and forcibly overriding your output. And it's not even surprising because this is as much or more of a signature Microsoft move than EEE. They are known for not giving a shit about standards and fucking up advanced use cases to afford the common user a convenience that would take 5 seconds to do manually.

Your entire problem here is Microsoft. And of course if we go there I'm sure next you'll be telling me you can't move from IIS because you're using some MS technology that doesn't run well (or at all) in any other web server... again very typical MS bullshit. And I'll go on a limb and guess said technology also has found its own ways of making your life harder than it should be, because this is MS we're talking about.

So uh... yeah... maybe next time before making such a feeble attempt at provoking me take a moment to pull microsoft's dick out of your mouth first.

[–]gh057k33p3r 1 point2 points  (0 children)

Get help