Here's my Application_OnError event sink in global.asax.vb:
Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs)
Dim innerMostException As Exception = getInnerMostException(Me.Context.Error)
If TypeOf innerMostException Is AccessDeniedException Then
Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException))
Dim fourOhThree As Integer = DirectCast(HttpStatusCode.Forbidden, Integer)
Throw New HttpException(fourOhThree, innerMostException.Message, innerMostException)
End If
End Sub
You'll see that if we've got an innermost Exception of type AccessDeniedException we throw a new HTTPExcpetion with a status code of 403 AKA 'forbidden'
Here's the relevant web.config entry:
<customErrors defaultRedirect="~/Application/ServerError.aspx" mode="On">
<error statusCode="403" redirect="~/Secure/AccessDenied.aspx" />
</customErrors>
So what we're expecting is a redirect to the AccessDenied.aspx page. What we get is a redirect to the ServerError.aspx page.
We've also tried this:
Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs)
Dim innerMostException As Exception = getInnerMostException(Me.Context.Error)
If TypeOf innerMostException Is AccessDeniedException Then
Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException))
Context.Response.StatusCode = DirectCast(HttpStatusCode.Forbidden, Integer)
End If
End Sub
Which unsuprisingly doesn't work either.
Any ideas what we're doing wrong?