Forcing a custom http 401 unauthorized page in asp net


ASP.NET is a popular programming language used for building web applications. One in web development is the ability to handle access to certain pages or resources. In this article, we will explore how to force a custom HTTP 401 Unauthorized page in ASP.NET.

Understanding HTTP 401 Unauthorized

HTTP 401 Unauthorized is a code that indicates the client's request lacks valid authentication credentials for the target resource. When a user tries to access a protected page without proper authentication, the server responds with a 401 status code and typically redirects the user to a default login page.

Customizing the 401 Unauthorized Page

By default, ASP.NET provides a built-in login page for handling unauthorized access. However, you may want to customize this page to the look and feel of your application or provide additional information to the user.

To force a custom 401 Unauthorized page, you can leverage the web.config file in your ASP.NET application. This file contains configuration settings for the application, including error handling.

Modifying the web.config File

To modify the web.config file, open it in a text and locate the section. Within this section, add the following code:


The customErrors element specifies the mode as “On” to custom error handling. The defaultRedirect attribute specifies the default page to to in case of an error. In this case, we set it to “Unauthorized.aspx”.

The error element within the customErrors element specifies the specific error code to handle. In this case, we set it to “401” for unauthorized access. The redirect attribute specifies the page to redirect to when this error occurs.

Creating the Custom Unauthorized Page

Now that we have configured the web.config file, we need to the custom unauthorized page. In this example, we will create a page named “Unauthorized.aspx”.

Open your ASP.NET project in Visual Studio and add a new web form named “Unauthorized.aspx”. Customize this page as per your requirements, adding relevant content, styling, and any additional functionality you need.

Testing the Custom Unauthorized Page

To test the custom unauthorized page, try accessing a protected page without proper authentication. The server should respond with a 401 status code and redirect you to the custom unauthorized page you created.

For example, if you have a protected page named “ProtectedPage.aspx”, try accessing it without logging in. You should be to the “Unauthorized.aspx” page.


By modifying the web.config file and creating a custom unauthorized page, you can force a custom HTTP 401 Unauthorized page in ASP.NET. This allows you to provide a personalized user experience and handle unauthorized access in a way that aligns with your application's requirements.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents