[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 606
  • Last Modified:

asp.net redirect to access denied page

Hi

I am trying to redirect unauthorised users to a custom access denied page but it's not working - unauthorised users are simply redirected back to the login. Here is my web.config

      <customErrors defaultRedirect="ErrorPage.aspx" mode="On">
                  <error statusCode="401.3" redirect="AccessDenied.aspx" />
                  <error statusCode="401" redirect="AccessDenied.aspx" />
                  <error statusCode="500" redirect="servererror.aspx" />
                  <error statusCode="404" redirect="filenotfound.aspx" />
                  <error statusCode="403" redirect="AccessDenied.aspx" />

    </customErrors>

Any ideas?

thanks, andrea
0
andieje
Asked:
andieje
1 Solution
 
frodomanCommented:
Are you using forms security?  If so, I believe that the redirect to the login page specified in your web.config file overrides the customErrors handling.  I suspect that the forms level security actually catches the 401 error and handles it so it's never making it to the IIS error handling.
0
 
raterusCommented:
frodo is right, but I don't think the 401 is overridden, it's never thrown in the first place.

You may be able to do this in global.asax

      Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As System.EventArgs)
            If User.Identity.IsAuthenticated = False And Request.Path <> "/login.aspx" Then
                  Response.Redirect("AccessDenied.aspx")
            End If
      End Sub
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now