/
HTTP Error 401.2 appears after failing to authenticate or clicking Cancel when using Windows authentication

HTTP Error 401.2 appears after failing to authenticate or clicking Cancel when using Windows authentication

Owned by Pooja Gupta 2 (Unlicensed)
Jun 02, 2021
4 min read

You may experience HTTP Error 401.2 when attempting to access EmpowerID using Windows authentication:

This error will appear if you click Cancel or fail to authenticate 3 or more times. This behavior can be changed to redirect the user back to the EmpowerID login page.

  1. Open a text editor of your choice (such as Notepad) and enter the following contents:

<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="1;url=https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite">
<script type="text/javascript">
window.location.href = "https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite"
</script>
<title>Page Redirection</title>
</head>
<body>
If you are not redirected automatically, follow the <a href='https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite'>link to authenticate</a>
</body>
</html>

  1. Replace all instances of the text 

FQDN with the EmpowerID URL used in your environment. For example, if EmpowerID is located at server.company.com, the following modifications would be made:

<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="1;url=https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite">
<script type="text/javascript">
window.location.href = "https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite"
</script>
<title>Page Redirection</title>
</head>
<body>
If you are not redirected automatically, follow the <a href='https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite'>link to authenticate</a>
</body>
</html>

  1. Click File > Save As... and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

Replace X:\ with the drive letter where EmpowerID is installed.

In the Save As window that appears, in the File Name field, enter the following, exactly as shown:

"401.htm"

  1. Open 

Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

In this folder you will see a web.config file. Open this file in a text editor of your choice and find the following section:

<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="QueryStringLocale" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.QueryStringLocaleModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<httpRedirect enabled="false"/>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

Please modify this section to read as follows, inserting the bolded XML directly below the <system.webServer> line:

<system.webServer>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" prefixLanguageFilePath="" path="401.htm" responseMode="File" />
</httpErrors>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="QueryStringLocale" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.QueryStringLocaleModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<httpRedirect enabled="false"/>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

NOTE: web.config files are case sensitive. Malformed web.config files will cause an outage in EmpowerID services. Please be careful when modifying web.config files in a production environment.

  1. Open 

Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

Copy 401.htm and paste it into the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IdP.Windows

  1. Open 

Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IdP.Windows

In this folder you will see a web.config file. Open this file in a text editor of your choice and find the following section:

<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

Please modify this section to read as follows, inserting the bolded XML directly below the <system.webServer> line:

<system.webServer>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" prefixLanguageFilePath="" path="401.htm" responseMode="File" />
</httpErrors>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

The end user will now be redirected back to the EmpowerID login page if they fail to authenticate using Windows authentication.

Please feel free to contact us by e-mail at support@empowerid.com or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.

Related content