Error information displayed on the URL
I have the same user/password page on 2 different windows servers. Both IIS7
When I type an incorrect username/password on server 1 I get redirected to my incorrect password page and the URL shows:
http://www.server1.com/Passwordincorrect.asp?valid=1
Which is correct. BUT.
On server two it shows more of the error message in the URL. In fact if the user is correct but the password isn't it will give those details in the URL. I think this may be an IIS configuration. Can you please shed some light on what to change so it doesn't display that additional information on server2 ?
https://www.server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20foun
When I type an incorrect username/password on server 1 I get redirected to my incorrect password page and the URL shows:
http://www.server1.com/Passwordincorrect.asp?valid=1
Which is correct. BUT.
On server two it shows more of the error message in the URL. In fact if the user is correct but the password isn't it will give those details in the URL. I think this may be an IIS configuration. Can you please shed some light on what to change so it doesn't display that additional information on server2 ?
https://www.server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20foun
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can you share it without the sensitive information?
ASKER
Its on a client's website so if possible I rather not. but I copied the error as displayed in the URL and simply changed the domain name to server2
Question is why the same code and same DB in one server shows as URL1 with no error displayed inside the URL and on the second one it shows all those details ?
Question is why the same code and same DB in one server shows as URL1 with no error displayed inside the URL and on the second one it shows all those details ?
I have to see what does the code do when a login error happens.
Does it throw a 403 and let IIS deal with it? Does it have switches that let it display different errors? Maybe there is a dependency like a configuration file that is different between servers?
Does it throw a 403 and let IIS deal with it? Does it have switches that let it display different errors? Maybe there is a dependency like a configuration file that is different between servers?
ASKER
This is the error displayed on the URL of the browser:
https://server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20foun
https://server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20foun
Since you won't share the server side, let's look at the client side.
Does it happen on the same browser?
Which browser is that?
Please open the developer console (F12 on FF or chrome) and tell what headers are received from each server on the login requests.
Does it happen on the same browser?
Which browser is that?
Please open the developer console (F12 on FF or chrome) and tell what headers are received from each server on the login requests.
ASKER
Happens in Internet explorer 11
Happens with any Browser. I just tested the same ASP files and DB on a third server and first and third server works fine:
https://ourserver/Passwordincorrect.asp?valid=1
Their server displays:
https://server2.com/tco/Passwordincorrect.asp?ErrMessage=Cannot%20login.%3Cbr%3EUsername%20not%20found.
-- Where can I see the headers in the Console ? I am using ie 11
Happens with any Browser. I just tested the same ASP files and DB on a third server and first and third server works fine:
https://ourserver/Passwordincorrect.asp?valid=1
Their server displays:
https://server2.com/tco/Passwordincorrect.asp?ErrMessage=Cannot%20login.%3Cbr%3EUsername%20not%20found.
-- Where can I see the headers in the Console ? I am using ie 11
Press F12.
Click Network.
Start network capture (or press F5 while in the console).
Retry the web page
Double click the request from the list, it opens the headers tab.
Click Network.
Start network capture (or press F5 while in the console).
Retry the web page
Double click the request from the list, it opens the headers tab.
ASKER
Seems like a script was passing the error to the URL, for some reason one out of the three servers would actually display it in the URL. Thanks for the help.
ASKER
Thanks for the patience.
ASKER