Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Redirect unauthorized users asp net

Tags:

c#

authentication

asp.net

web

active-directory

I'm working on a simple website in asp.net. I would like to restric access to the side, so that only users in a specific AD group is allowed. I have done that and it is working fine. But when a user that's not in the AD group tries to access the site, they are getting a login prompt. How do I redirect the unauthorized user to a custom page, instead of they getting the login prompt?

Below is my web.config. The lowest part of the code, is something i tried but did not work.

<configuration>
<system.web>
  <compilation debug="true" targetFramework="4.0" />
  <authentication mode="Windows"/>
  <authorization>
    <allow roles="DOMAIN\GROUP"/>
    <deny users="*"/>
  </authorization>
</system.web>

<location path="AccessDenied.aspx">
<system.web>
<authorization>
  <allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>

I have added this to the Global.asax.cs:

protected void Application_EndRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.Response.Status.StartsWith("401"))
            {
                HttpContext.Current.Response.ClearContent();
                Server.Execute("AccessDenied.aspx");
            }
}

Any ideas ?

EDIT: I tried some of the posted solutions, but they did not work. But I got it working with this code:

void Application_EndRequest(object sender, System.EventArgs e)
    {
        if (((Response.StatusCode == 401)
        && (Request.IsAuthenticated == true)))
        {
            Response.ClearContent();
            Response.Redirect("~/AccessDenied.aspx");
        }
    }
}
like image 310
mads Avatar asked Sep 06 '13 08:09

mads

2 Answers

You can use Response.Redirect or Server.Transfer

Response.Redirect("AccessDenied.aspx");

Full example:

protected void Application_EndRequest(Object sender, EventArgs e)
{
  if (HttpContext.Current.Response.Status.StartsWith("401"))
  {
      HttpContext.Current.Response.ClearContent();
      Response.Redirect("AccessDenied.aspx");
  }
}
like image 63
Darren Avatar answered Oct 19 '22 01:10

Darren

Assuming you want to handle all "Unauthorized" errors:

<customErrors defaultRedirect="Error.aspx" mode="On">
    <error statusCode="401" redirect="Unauthorized.aspx" />
    <error statusCode="403" redirect="Forbidden.aspx" />
</customErrors>

Any 401 (unauthorized) requests will be forwarded to Unauthorized.aspx.

like image 40
Bibhu Avatar answered Oct 19 '22 03:10

Bibhu
Sign in to Comment

Related questions

ContentResult vs JsonResult with ajax
Markdown to PDF [closed]
How to use System.Linq.Expressions.Expression to filter based on children?
Can I detect when a background Thread is killed by the application when the application closes?
How can I debug or set a break statement inside a compiled expression tree?
How to organize unit tests and do not make refactoring a nightmare?
Breakpoint set by sosex.mbp or sosex.mbm not working
String.Format - How can I format to x digits (regardless of decimal place)?
Risks in switching from 'Copy always' to 'Copy if newer'
Can I avoid storing MS Exchange credentials while still being able to authenticate (against EWS)?
Why doesn't Json.Encode encode data returned from Json.Decode correctly?
Is it possible to mock/fake around to make a missing lock cause a failing test?
What exactly is ContextStaticAttribute?
Stored Procedure return values with linq data context
How to create a mock HttpWebRequest and HttpWebResponse object
C# Overloaded method invocation with Inheritance [duplicate]
WCF "Self-Hosted" application becomes unresponsive
Gray out logging code using ReSharper
File is being used by another process after File.Copy
NSUserDefaults - Xamarin

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!