Error information displayed on the URL

I have the same user/password page on 2 different windows servers. Both IIS7

When I type an incorrect username/password on server 1 I get redirected to my incorrect password page and the URL shows:

http://www.server1.com/Passwordincorrect.asp?valid=1

Which is correct. BUT.

On server two it shows more of the error message in the URL. In fact if the user is correct but the password isn't it will give those details in the URL. I think this may be an IIS configuration. Can you please shed some light on what to change so it doesn't display that additional information on server2  ?

https://www.server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20found.
LVL 1
AleksAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shalom CarmelCTOCommented:
Is it a form based login?
If the answer is yes,  then you probably don't have the same login code on both servers and it probably has nothing to do with IIS configuration.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AleksAuthor Commented:
Its the exact same code. Same ASP file.
0
Shalom CarmelCTOCommented:
Can you share it without the sensitive information?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

AleksAuthor Commented:
Its on a client's website so if possible I rather not. but I copied the error as displayed in the URL and simply changed the domain name to server2

Question is why the same code and same DB in one server shows as URL1 with no error displayed inside the URL and on the second one it shows all those details ?
0
Shalom CarmelCTOCommented:
I have to see what does the code do when a login error happens.
Does it throw a 403 and let IIS deal with it? Does it have switches that let it display different errors? Maybe there is a dependency like a configuration file that is different between servers?
0
AleksAuthor Commented:
This is the error displayed on the URL of the browser:

https://server2.com/Passwordincorrect.asp?ErrMessage=Cannot%20login.<br>Username%20not%20found.
0
Shalom CarmelCTOCommented:
Since you won't share the server side, let's look at the client side.

Does it happen on the same browser?
Which browser is that?

Please open the developer console (F12 on FF or chrome) and tell what headers are received from each server on the login requests.
0
AleksAuthor Commented:
Happens in Internet explorer 11
Happens with any Browser. I just tested the same ASP files and DB on a third server and first and third server works fine:

https://ourserver/Passwordincorrect.asp?valid=1

Their server displays:

https://server2.com/tco/Passwordincorrect.asp?ErrMessage=Cannot%20login.%3Cbr%3EUsername%20not%20found.

-- Where can I see the headers in the Console ?  I am using ie 11
0
Shalom CarmelCTOCommented:
Press F12.
Click Network.
Start network capture (or press F5 while in the console).
Retry the web page
Double click the request from the list, it opens the headers tab.
0
AleksAuthor Commented:
Seems like a script was passing the error to the URL, for some reason one out of the three servers would actually display it in the URL. Thanks for the help.
0
AleksAuthor Commented:
Thanks for the patience.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.