tags:

views:

884

answers:

3
+2  Q: 

ASP.Net MVC Authorisation action filter question

Hi,

I'm trying to understand how error handling works when using the Authorize [Authorize] Action Filter in MVC Preview 4.

I have an action that looks like this:

    [Authorize(Roles = "DOMAIN\\NOTAUTHORISED_ROLE" )]
    [HandleError]
    public ActionResult NeedAuthorisation()
    {
        throw new NotImplementedException();
    }

When I visit the url: http://localhost:2197/testAuthorisation/NeedAuthorisation I get a blank page in my browser. In Firebug I can see that a request was made and a response-status of '401 - Unauthorised' has been returned. But I'm not being redirected or having a customError returned. Everything works as expected when using a role that I'm authorized for.

UPDATE This is using Windows authentication. I'm in the middle of writing some code to try out Forms authentication to see if I get the same issue. I have set and have created error pages, both in the testAuthorisation folder and the Shared folder.

Thanks, in advance!

A: 

If you've got CustomErrors set to Off or RemoteOnly then you won't get re-directed to the page specified by HandleError (default is Error.aspx). Set it to "On" and then see what happens. Any custom error pages you specify explicitly will take precedence, however, so you need to remove these, and have just:

<customErrors mode="On" />

Keith Williams  2009-01-29 12:10:50
Thanks, but I have customErrors set already. It isn't helping
Lewis  2009-01-29 13:36:14
A: 

You need an error view in the corresponding view folder, i.e. you need the file Views/TestAuthorization/Error.aspx in order to have anything show up.

You can also customize this behaviour by what view that you want to use and to what exception you want it to be triggered with.

[HandleError(ExceptionType = typeof(SqlException), View = "DatabaseError")]]
[HandleError(ExceptionType = typeof(NullReferenceException), View = "LameErrorHandling")]]
Spoike  2009-01-29 12:16:46
Thanks, but I already have the error view and I have one in the Shared folder. Both work as I'd expect (when I throw a NotImplementedException from that method for example).
Lewis  2009-01-29 13:40:19
+2  A: 

I eventually found this which solved my problem.

http://www.asp.net/learn/mvc/tutorial-18-vb.aspx

quote:

"Exactly what happens when you attempt to invoke a controller action without being the right permissions depends on the type of authentication enabled. By default, when using the ASP.NET Development Server, you simply get a blank page. The page is served with a 401 Not Authorized HTTP Response Status."

Is it OK to answer your own question here?

Lewis  2009-01-29 16:30:20

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps