tags:

views:

1122

answers:

2
+1  Q: 

Trouble getting ASP.NET MVC app to redirect to error page for unauthorized users

I've got the following set up in the web.config of my ASP.NET MVC application:

<authentication mode="Windows" />
<authorization>
    <allow roles="MySecurityGroup"/>
    <deny users="*"/>
</authorization>
<customErrors mode="On" defaultRedirect="Error.aspx">
    <error statusCode="401" redirect="Help.aspx"/>
</customErrors>

Everything works fine if you are in MySecurityGroup, but if you're not, you are not redirected to either Error.aspx or Help.aspx. (Note that Error.aspx lives in Views\Shared while Help.aspx is in Views\Home.) All you get is the default error:

Server Error in '/' Application.

Access is denied.

Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

What am I doing wrong?

UPDATE: Now my web.config is set up like this, and it's still not working:

<system.web>
    <customErrors mode="On" defaultRedirect="Help.aspx">
    </customErrors>
</system.web>

<location path="">
    <system.web>
        <authorization>
            <allow roles="MySecurityGroup"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>

<location path="Help">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

Note that I can navigate to MyApp/Help just fine and am correctly banned from the rest of the site, but it never redirects to the Help page automatically.

+1  A: 

You have to explicitly give access to other groups to Error.aspx and/or Help.aspx so they can actually get to the pages. The way you have it set up right now, only MySecurityGroup users can get to the pages.

You'll need something like this:

<location path="Error.aspx">
 <system.web>
   <authorization>
    <allow users="*"/>
   </authorization>
 </system.web>
</location>

and the same for Help.aspx. Alternatively you can do this at a folder level.

Joseph  2009-06-16 16:18:08
Makes perfect sense, but for some reason this is not working for me. I put this code right after the close of the original <system.web> section, but I'm not getting any different results. For simplicity I'm not even worrying about Help.aspx, just Error.aspx.
gfrizzle  2009-06-16 17:53:11
A: 

Do you want the the error and help pages handled by mvc or asp.net? Currently you are treating the pages like mvc views yet you have redirect urls that map to the asp.net pipeline. At a guess move error and help into the root directory of the site and it should work

Neal  2009-10-10 03:41:32

related questions

Never produce to an unknown pathway, in software too? [Toyota principle]
What is the best way to collect/report unexpected errors in .NET Window Applications?
What are the principles guiding your exception handling policy?
Exceptions: Is this a good practice?
How would you get the Sql Command objects for a Given TableAdaptor and SqlDataAdaptor in C# (.NET 2.0)
How to catch all exceptions in Flex?
Sql Server 2005 error handling - inner exception
Error handling in BASH
How to capture crash logs in Java
Php function argument error suppression, empty() isset() emulation
Print stack trace information from C#
How do you manage your app when the database goes offline?
Can I detect and handle MySQL Warnings with PHP?
How to catch unhandled exceptions when using .NET Remoting
Error handling / error logging in C++ for library/app combo
How to Catch an exception in a using block with .NET 2.0?
How to catch SQLServer timeout exceptions
.NET - Throwing Exceptions best practices
How do I log uncaught exceptions in PHP?
What's the best way to report errors from a SharePoint workflow?
Is there a method for handling errors from COM objects in RDML?
How do you log errors (Exceptions) in your ASP.NET apps?
Using unhandled exceptions instead of Contains()?
Global Exception Handling for winforms control
Reducing duplicate error handling code in C#?