Returning custom errors

Question

I have designed a Controller called ErrorController with methods like Forbidden or NotFound, so I could add to Web.config the following lines:

<customErrors mode="On" defaultRedirect="~/Error/Unknown" />
    <error statusCode="404" redirect="~/Error/NotFound" />
    <error statusCode="403" redirect="~/Error/Forbidden" />
</customErrors>

So now I want to be able to do something like that:

public ActionResult Edit(int idObject)
{
    if( user.OnwsObject(idObject) )
    {
        // lets edit
    }
    else
    {
        // ** SEND AN ERROR 403 ***
        // And let ASP.NET MVC with IIS manage that error to send
        // the requester to the Web.config defined error page.
    }
}

The problem is that I have tried things like: (A)throw new HttpException(403, "Error description");: resulting in an Unhandled exception that causes the system to crash, (B)return HttpStatusResultCode(403, "Error description"): resulting in a system default page for those errors.

What should I use instead?

Thanks in advance.

Answer 1

Actually you can not use web.config for 403 redirects.

What you can do is override OnActionExecuted on a controller to check for the status code and redirect to whatever is defined in web.config, like this

Web.config:

<customErrors mode="On">
  <error statusCode="403" redirect="~/Error/Forbidden" />
</customErrors>

Your HomeController

public class HomeController : Controller
{
    protected override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        if (filterContext.HttpContext.Response.StatusCode == 403)
        {
            var config = (CustomErrorsSection)
                           WebConfigurationManager.GetSection("system.web/customErrors");
            string urlToRedirectTo = config.Errors["403"].Redirect;
            filterContext.Result = Redirect(urlToRedirectTo);
        }
        base.OnActionExecuted(filterContext);
    }

    public ActionResult Edit(int idObject)
    {
         if(!user.OnwsObject(idObject))
         {
             Response.StatusCode = 403;
         }

         return View();
    }
}

ErrorController:

public class ErrorController : Controller
{
    public ActionResult Forbidden()
    {
        Response.StatusCode = 403;
        return View();
    }
}

More generic solution would be to create an action filter that you can apply to the controller or the individual action:

public class HandleForbiddenRedirect : ActionFilterAttribute
{
    public override void OnActionExecuted(ActionExecutedContext filterContext)
    {
        if (filterContext.HttpContext.Response.StatusCode == 403)
        {
            var config = (CustomErrorsSection)
                           WebConfigurationManager.GetSection("system.web/customErrors");
            string urlToRedirectTo = config.Errors["403"].Redirect;
            filterContext.Result = new RedirectResult(urlToRedirectTo);
        }
        base.OnActionExecuted(filterContext);
    }
}

Now you can apply the action filter to the controller so that all actions redirect on 403

[HandleForbiddenRedirect]
public class HomeController : Controller
{
    //...
}

Or have an individual action redirect on 403

public class HomeController : Controller
{
    [HandleForbiddenRedirect]
    public ActionResult Edit(int idObject)
    {
         //...
    }
}

Or if you don't wont to decorate all the controllers and action but want to apply it everywhere you can add it in filter collection in Application_Start of Global.asax

GlobalFilters.Filters.Add(new HandleForbiddenRedirect());