tags:

views:

12

answers:

1
Q: 

After throwing a Security Exception, redirect to Login page...

I'm using WebForms and Asp.Net Routing.

When trying to implement security on a members folder, I'm following the directions here :

http://blogs.msdn.com/b/mikeormond/archive/2008/06/21/asp-net-routing-and-authorization.aspx

  private IHttpHandler GeneratePage(string VN, RequestContext RC)
  {
    string virtualPath
      = string.Format("~/Members/{0}.aspx", VN);

    if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath,
      RC.HttpContext.User,
      RC.HttpContext.Request.HttpMethod))
    {
      if (virtualPath != null)
      {
        return (Page)BuildManager.CreateInstanceFromVirtualPath(virtualPath, typeof(Page));
      }
    }
    else
    {
      throw new SecurityException();
    }

    return null;
  }
}

However, I don't just want to throw a security Exception, I would like to redirect to the login page. I'd rather not hard-code a Response.Redirect and I don't think this is the right way to do it anyhow.

What's the "proper" way to pass control to the Authorization engine and redirect to the Default Login page?

+1  A: 

You can't have both.

Thowing an exception terminates the code path.

Alternatively you can call FormsAuthentication.RedirectToLoginPage(string extraQueryString) and pass an arg that lets you inform the user of the problem on the login page.

e.g.

FormsAuthentication.RedirectToLoginPage("error=authorization-failure")

You would, of course, need to write code in the login page to recognize this.

Sky Sanders  2010-09-23 02:57:58
Thanks. I was wondering why you'd want to just throw a Security error in this space, but I was assuming you would do the redirect in a `catch` block.
Atømix  2010-09-23 16:36:58
@Atømix - it all depends on who is doing the catching. you said you wanted to throw and redirect. the only way you can do that is if you are doing the catching and if this is the case, it is not an exception, it is an expected case and should have an appropriate code path. You would throw an exception if there is nothing that you can do about the state.
Sky Sanders  2010-09-23 18:25:41

related questions

Multiple forms on ASP.NET page
In ASP.net Webforms how do you detect which Textbox someone pressed enter?
Linkbutton click event not running handler.
ASP.net ACTK DragPanel Extender on PopupControlExtender with UpdatePanel does not drag after partial postback
"DropDownList.SelectedIndex = -1" problem
forms and jquery
SelectedIndexChanged event handler getting old index
One Update Panel vs. Multiple Update Panels
Best way to implement mutliple Default Buttons on a ASP.NET Webform
When should you use standard html tags/inputs and when should you use the asp.net controls?
What are my options for having the RadioButtonList functionality of ASP.NET in WinForms?
ASP.Net RSS feed
How do you get the logged in Windows domain account from an ASP.NET application?
How do I remove items from the query string for redirection?
Asp.Net Form DefaultButton Error in Firefox
Best way in asp.net to force https for an entire site?
How to Dynamically Generate String Validation?
What is the best approach for (client-side) disabling of a submit button?
Why does the ASP.Net Web Forms model "suck"?
What do you do when you can't use ViewState?
Traditional ASP .NET Web Forms vs MVC
How to hide the cancel button on an ASP.NET ChangePassword control
Creating a UserControl Programmaticly within a repeater?
Calling base Methods When Overriding Page Level Events
Remove the bar at the top of Loginview for formatting