Solved

How to explicitly raise an HTTP error?

Posted on 2004-04-27
10
1,728 Views
Last Modified: 2008-02-01
Hi,

I'm currently developping with ASP.NET using C# and I wanted to know if it's possible to raise an HTTP error explicitly. I want, for example, a forbidden 403 error to be displayed when the user tries to access certain pages or click on certain links. I would be grateful if someone could help. Thanks...

Ash.

0
Comment
Question by:ashv27
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 2

Expert Comment

by:b_smith_79
Comment Utility
Wow, you are the first person I have met who actually wanted their application to throw the default error messages :)

I would just redirect the user to a page that all users are explicitly denied access to if I had a real need to only ever use the IIS error page.
0
 

Author Comment

by:ashv27
Comment Utility
Thanks for your reply. Is there any other way of achieving this without directly redirecting the user to the error page. I'm repeating myself, but is it possible to raise the error and let IIS do the redirection?
0
 
LVL 2

Expert Comment

by:b_smith_79
Comment Utility
I don't know of a line of code that you can write to just throw your choice of error but it would be useful.

IIS does a server.transfer to whatever page is configured as the error page, so just emulating its behaviour is another option.
0
 
LVL 12

Expert Comment

by:venkateshwarr
Comment Utility
you can do that with server side language scripting....
In php...

<?php
if ((!isset($PHP_AUTH_USER)) ||
    (!isset($PHP_AUTH_PW)) ||
    ($PHP_AUTH_USER != "guest") ||
    ($PHP_AUTH_PW != "guest"))
{
    header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    exit();
}
else
{
    print "You're through to the secret page, was the effort worth it?";
}
?>

0
 
LVL 2

Expert Comment

by:b_smith_79
Comment Utility
Why do you want to do this, by the way?

If it's your intention to actually trip the internal access denied routine in IIS for logging purposes or whatever, then neither my nor the above solution will really work.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:ashv27
Comment Utility
The reason is that I have several pages which take their parameters from their respective url by the GET method (query string) and would like to thow a 403 forbidden error if the pages are called without the proper parameters in the url.
0
 
LVL 2

Expert Comment

by:SatanUK
Comment Utility
well the ASP.NET Version of the PHP Header is

Response.AddHeader(name,value)

but im not sure if "HTTP/1.1 401 Unauthorized" is the name or value
0
 

Expert Comment

by:crimsonIE
Comment Utility
give this a go:

void Page_Load(Object src, EventArgs args) {
   // raise an intentional exception to get the ball rolling
   throw new ApplicationException("This is an unhandled exception.");
}

void Page_Error(Object sender, EventArgs args) {
   Response.Write("Error:\n");
   Exception e = Server.GetLastError();
   Trace.Write("Message",e.Message);
   Trace.Write("Source",e.Source);
   Trace.Write("Stack Trace",e.StackTrace);
Response.Write("Sorry, an error was encountered.");
   Context.ClearError();
}
0
 

Accepted Solution

by:
crimsonIE earned 125 total points
Comment Utility
This is actually a lot simpler. Edit you web.config file and enter the following.

1) If you want a generic page for ANY error then:

   <customErrors mode="remoteonly" defaultRedirect="error.htm">

2) If you want specific error messages for specific errors like 404, 500, 501 then
    (add in errror statuscode line for each one. in this case i have one in for the 404 error)

<customErrors mode="remoteonly" defaultRedirect="error.htm">
  <error statusCode="404" redirect="pagenotfound.htm"/>
</customErrors>


List of status codes:
HTTP Status Codes

100 - Continue
101 - Switching Protocols
200 - OK
201 - Created
202 - Accepted
203 - Non-Authoritative Information
204 - No Content
205 - Reset Content
206 - Partial Content
300 - Multiple Choices
301 - Moved Permanently
302 - Found
303 - See Other
304 - Not Modified
305 - Use Proxy
306 - No Longer Used
307 - Temporary Redirect
400 - Bad Request
401 - Not Authorised
402 - Payment Required
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
406 - Not Acceptable
407 - Proxy Authentication Required
408 - Request Timeout
409 - Conflict
410 - Gone
411 - Length Required
412 - Precondition Failed
413 - Request Entity Too Large
414 - Request URI Too Long
415 - Unsupported Media Type
416 - Requested Range Not Satisfiable
417 - Expectation Failed
500 - Internal Server Error
501 - Not Implemented
502 - Bad Gateway
503 - Service Unavailable
504 - Gateway Timeout
505 - HTTP Version Not Supported
0
 

Author Comment

by:ashv27
Comment Utility
Hi,

Thanks for your posts. venkateshwarr's approach sounded promising; i even tried it using PHP, but it only echoes the message following the header without any server redirection to the appropriate error page.

crimsonIE your solution shows what to do once the error is thrown but not how to explicitly throw the error. Anyway i think that i'll make my own custom error pages as you suggested, and do the redirection myself when the need arises.

Thanks again...
 
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Setting blogger custom domain error 3 43
HTML table 7 54
Problem to Popup 37 78
Video will not go into background 20 27
A Change in PHP Behavior with Session Write Short Circuit (http://php.net/manual/en/book.session.php#116217) (Winter 2014)** With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now