HTTP Error 401.2 appears after failing to authenticate or clicking Cancel when using Windows authentication

You may experience HTTP Error 401.2 when attempting to access EmpowerID using Windows authentication.

This error will appear if you click Cancel or fail to authenticate 3 or more times. This behavior can be changed to redirect the user back to the EmpowerID login page.

  1. Open a text editor of your choice (such as Notepad) and enter the following contents:

<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="1;url=https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite">
<script type="text/javascript">
window.location.href = "https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite"
</script>
<title>Page Redirection</title>
</head>
<body>
If you are not redirected automatically, follow the <a href='https://FQDN/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite'>link to authenticate</a>
</body>
</html>

  2. Replace all instances of the text FQDN with the EmpowerID URL used in your environment. For example, if EmpowerID is located at server.company.com, the following modifications would be made:

<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta http-equiv="refresh" content="1;url=https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite">
<script type="text/javascript">
window.location.href = "https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite"
</script>
<title>Page Redirection</title>
</head>
<body>
If you are not redirected automatically, follow the <a href='https://server.company.com/EmpowerIDWebIdPForms/Providers/Select?ServiceProvider=EmpowerIDWebSite'>link to authenticate</a>
</body>
</html>

  3. Click File > Save As... and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

Replace X:\ with the drive letter where EmpowerID is installed.

In the Save As window that appears, in the File Name field, enter the following, exactly as shown:

"401.htm"

  4. Open Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

In this folder you will see a web.config file. Open this file in a text editor of your choice and find the following section:

<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="QueryStringLocale" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.QueryStringLocaleModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<httpRedirect enabled="false"/>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

Please modify this section to read as follows, inserting the <httpErrors> element (three lines) directly below the <system.webServer> line:

<system.webServer>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" prefixLanguageFilePath="" path="401.htm" responseMode="File" />
</httpErrors>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="QueryStringLocale" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.QueryStringLocaleModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<httpRedirect enabled="false"/>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

NOTE: web.config files are case sensitive. Malformed web.config files will cause an outage in EmpowerID services. Please be careful when modifying web.config files in a production environment.

  5. Open Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IDP.Forms

Copy 401.htm and paste it into the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IdP.Windows

  6. Open Windows Explorer and navigate to the following directory:

X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.IdP.Windows

In this folder you will see a web.config file. Open this file in a text editor of your choice and find the following section:

<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

Please modify this section to read as follows, inserting the <httpErrors> element (three lines) directly below the <system.webServer> line:

<system.webServer>
<httpErrors errorMode="Custom">
<error statusCode="401" subStatusCode="2" prefixLanguageFilePath="" path="401.htm" responseMode="File" />
</httpErrors>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<remove name="FormsAuthentication"/>
<add name="CloakHttpHeaderModule" type="TheDotNetFactory.EmpowerID.Web.Core.Modules.CloakHttpHeaderModule, TheDotNetFactory.EmpowerID.Web.Core, Version=1.0.0.0, Culture=neutral"/>
</modules>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<remove name="TRACEVerbHandler"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<urlCompression doStaticCompression="true" doDynamicCompression="true"/>
</system.webServer>

The end user will now be redirected back to the EmpowerID login page if they fail to authenticate using Windows authentication.
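
An added read-only check (not part of the original EmpowerID guide) that can be run in PowerShell after the steps above: it confirms that both web.config files still parse, contain the 401.2 rule, and point at a 401.htm in which the FQDN placeholder has been replaced. The function name and the `$InstallRoot` parameter are assumptions made for this example.

```powershell
# Added example: read-only pre-flight check for the 401.2 redirect change.
# Assumption: $InstallRoot is the "Web Sites" folder; replace X:\ as in the guide.
param([string]$InstallRoot = 'X:\Program Files\TheDotNetFactory\EmpowerID\Web Sites')

function Test-RedirectConfig {
    param([string]$SiteDir)
    $problems = @()
    $xml = New-Object System.Xml.XmlDocument
    try {
        # A parse failure here is the malformed-config case the guide warns about.
        $xml.Load([System.IO.Path]::Combine($SiteDir, 'web.config'))
    } catch {
        return "web.config does not parse: $($_.Exception.Message)"
    }
    # XPath compares names and values case-sensitively, in line with the guide's note.
    $rule = $xml.SelectSingleNode("//*[local-name()='system.webServer']" +
        "/*[local-name()='httpErrors']/*[local-name()='error']" +
        "[@statusCode='401' and @subStatusCode='2']")
    if (-not $rule) { return 'no httpErrors <error> rule for 401.2' }

    if ($rule.ParentNode.GetAttribute('errorMode') -cne 'Custom') {
        $problems += 'httpErrors errorMode is not "Custom"'
    }
    if ($rule.GetAttribute('responseMode') -cne 'File') {
        $problems += 'responseMode is not "File"'
    }
    # The guide saves 401.htm in the site folder, so resolve the path against it.
    $page = [System.IO.Path]::Combine($SiteDir, $rule.GetAttribute('path'))
    if (-not (Test-Path -LiteralPath $page -PathType Leaf)) {
        $problems += "error page missing: $page"
    } elseif (Select-String -LiteralPath $page -Pattern '//FQDN/' -SimpleMatch -CaseSensitive -Quiet) {
        $problems += '401.htm still contains the FQDN placeholder'
    }
    return $problems
}

$failed = $false
foreach ($site in 'EmpowerID.Web.IDP.Forms', 'EmpowerID.Web.IdP.Windows') {
    $dir = [System.IO.Path]::Combine($InstallRoot, $site)
    $problems = @(Test-RedirectConfig -SiteDir $dir)
    if ($problems.Count -eq 0) {
        Write-Output "OK    $site"
    } else {
        $failed = $true
        $problems | ForEach-Object { Write-Output "FAIL  ${site}: $_" }
    }
}
if ($failed) { exit 1 }
```

The script changes nothing on disk, so it can also be run against a copy of the two site folders before the edited files are put in place.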

Please feel free to contact us by e-mail at support@empowerid.com or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.