Click here to Skip to main content
14,175,662 members
Rate this:
 
Please Sign up or sign in to vote.
See more:
My website is using forms authentication. I have this in the root web.config (with some changes for security purposes):

<authentication mode="Forms">
  <forms loginUrl="~/Login/Default.aspx" name=".MyAuthCookie" 

    defaultUrl="~/Secured/Default.aspx" enableCrossAppRedirects="true" 

    protection="All" path="/" timeout="30" />
</authentication>


This works great: when an unauthenticated user tries to access the site, he is directed to the login page.

I have several folders that are restricted using their own very short web.config files, like this:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization lockItem="true">
      <allow roles="Administrator, Executive"/>
      <allow users="User1, User2"/>
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>


This also works great: when someone other than an allowed user or role tries to access a file in the folder, they are denied.

My problem is that IIS treats the denied user as if he was unauthenticated, and redirects him to the login page. The behavior I want is to recognize that he is authenticated, just not authorized, and redirect him to a page that says "Permission denied."

I have custom errors enabled, and the 401 status is redirected to a page called "NoPermission.aspx". Unfortunately, it is not being caught.

Suggestions?
Posted
Updated 23-Jan-12 7:28am
v2

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

The UrlAuthorizationModule takes care of the authorization and this can be handled only in global.asax file.
In your global.asax file add the following code -

void Application_AuthorizeRequest(Object sender, EventArgs e)
    {
        if (Request.IsAuthenticated && (Request.HttpMethod == "GET") &&  !string.IsNullOrEmpty(Request["ReturnUrl"]))
        {
            Response.Redirect("~/NoAccess.aspx");
        }
    }
   
Comments
Gregory Gadow 24-Jan-12 10:02am
   
Brilliant, works like a charm. Many thanks!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Cookies | Terms of Service
Web06 | 2.8.190525.1 | Last Updated 23 Jan 2012
Copyright © CodeProject, 1999-2019
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100