How to explicitly raise an HTTP error?

Hi,

I'm currently developping with ASP.NET using C# and I wanted to know if it's possible to raise an HTTP error explicitly. I want, for example, a forbidden 403 error to be displayed when the user tries to access certain pages or click on certain links. I would be grateful if someone could help. Thanks...

Ash.

ashv27Asked:
Who is Participating?
 
crimsonIEConnect With a Mentor Commented:
This is actually a lot simpler. Edit you web.config file and enter the following.

1) If you want a generic page for ANY error then:

   <customErrors mode="remoteonly" defaultRedirect="error.htm">

2) If you want specific error messages for specific errors like 404, 500, 501 then
    (add in errror statuscode line for each one. in this case i have one in for the 404 error)

<customErrors mode="remoteonly" defaultRedirect="error.htm">
  <error statusCode="404" redirect="pagenotfound.htm"/>
</customErrors>


List of status codes:
HTTP Status Codes

100 - Continue
101 - Switching Protocols
200 - OK
201 - Created
202 - Accepted
203 - Non-Authoritative Information
204 - No Content
205 - Reset Content
206 - Partial Content
300 - Multiple Choices
301 - Moved Permanently
302 - Found
303 - See Other
304 - Not Modified
305 - Use Proxy
306 - No Longer Used
307 - Temporary Redirect
400 - Bad Request
401 - Not Authorised
402 - Payment Required
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
406 - Not Acceptable
407 - Proxy Authentication Required
408 - Request Timeout
409 - Conflict
410 - Gone
411 - Length Required
412 - Precondition Failed
413 - Request Entity Too Large
414 - Request URI Too Long
415 - Unsupported Media Type
416 - Requested Range Not Satisfiable
417 - Expectation Failed
500 - Internal Server Error
501 - Not Implemented
502 - Bad Gateway
503 - Service Unavailable
504 - Gateway Timeout
505 - HTTP Version Not Supported
0
 
b_smith_79Commented:
Wow, you are the first person I have met who actually wanted their application to throw the default error messages :)

I would just redirect the user to a page that all users are explicitly denied access to if I had a real need to only ever use the IIS error page.
0
 
ashv27Author Commented:
Thanks for your reply. Is there any other way of achieving this without directly redirecting the user to the error page. I'm repeating myself, but is it possible to raise the error and let IIS do the redirection?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
b_smith_79Commented:
I don't know of a line of code that you can write to just throw your choice of error but it would be useful.

IIS does a server.transfer to whatever page is configured as the error page, so just emulating its behaviour is another option.
0
 
venkateshwarrCommented:
you can do that with server side language scripting....
In php...

<?php
if ((!isset($PHP_AUTH_USER)) ||
    (!isset($PHP_AUTH_PW)) ||
    ($PHP_AUTH_USER != "guest") ||
    ($PHP_AUTH_PW != "guest"))
{
    header('WWW-Authenticate: Basic realm="Private Area"');
    header("HTTP/1.1 401 Unauthorized");
    print "This page requires authorisation.";
    exit();
}
else
{
    print "You're through to the secret page, was the effort worth it?";
}
?>

0
 
b_smith_79Commented:
Why do you want to do this, by the way?

If it's your intention to actually trip the internal access denied routine in IIS for logging purposes or whatever, then neither my nor the above solution will really work.
0
 
ashv27Author Commented:
The reason is that I have several pages which take their parameters from their respective url by the GET method (query string) and would like to thow a 403 forbidden error if the pages are called without the proper parameters in the url.
0
 
SatanUKCommented:
well the ASP.NET Version of the PHP Header is

Response.AddHeader(name,value)

but im not sure if "HTTP/1.1 401 Unauthorized" is the name or value
0
 
crimsonIECommented:
give this a go:

void Page_Load(Object src, EventArgs args) {
   // raise an intentional exception to get the ball rolling
   throw new ApplicationException("This is an unhandled exception.");
}

void Page_Error(Object sender, EventArgs args) {
   Response.Write("Error:\n");
   Exception e = Server.GetLastError();
   Trace.Write("Message",e.Message);
   Trace.Write("Source",e.Source);
   Trace.Write("Stack Trace",e.StackTrace);
Response.Write("Sorry, an error was encountered.");
   Context.ClearError();
}
0
 
ashv27Author Commented:
Hi,

Thanks for your posts. venkateshwarr's approach sounded promising; i even tried it using PHP, but it only echoes the message following the header without any server redirection to the appropriate error page.

crimsonIE your solution shows what to do once the error is thrown but not how to explicitly throw the error. Anyway i think that i'll make my own custom error pages as you suggested, and do the redirection myself when the need arises.

Thanks again...
 
0
All Courses

From novice to tech pro — start learning today.