How to redirect user to a page while accessing unauthorized folder

Question

0.00/5 (No votes)

See more:

Hi mates,

I'm onto a project that have multiple roles. There are few folders containing different pages. Folder access is limited to the individual roles. For now if a user in role 1 is trying to access the contents of the folder other than allowed, it redirects to Login page whereas I want it to redirect to a specific page saying, "You are not authorized to view this page" or like that. Should I do something with web.config file? Please suggest how can I achieve this purpose.
Any little help is appreciated.

Best Regards,
Sunny

Posted 21-Sep-12 21:35pm

Sunny_Kumar_

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sandeep Mewara · Answer 1 · 2012-09-21T23:09:00

Solution 2

A change in Web.Config file should do:

XML

<customErrors mode="On" defaultRedirect="/errors/404.aspx">
       <error statusCode="401" redirect="/errors/401.aspx"/><!--401 (Unauthorized)-->
       <error statusCode="403" redirect="/errors/403.aspx"/><!--403 (Forbidden)-->
       <error statusCode="404" redirect="/errors/404.aspx"/><!--404 (Not Found)-->
</customErrors>

Try out!

Posted 21-Sep-12 23:09pm

Sandeep Mewara

Comments

Sunny_Kumar_ 22-Sep-12 5:50am

didn't work... redirects to the Login Page.

Sandeep Mewara 22-Sep-12 5:54am

You have to be logged in in order to make this work.

First thing always is to check for authentication. Post that authorization.

Sunny_Kumar_ 22-Sep-12 6:00am

I did was. I also tried like this:
if (Request.IsAuthenticated)
{
if(!User.IsInRole("role")) Response.Redirect("unAuthorized.aspx");
}

Sandeep Mewara 22-Sep-12 5:58am

Still, if you seek for authorization, look at this:
http://stackoverflow.com/questions/11577614/redirect-unauthorized-users-to-a-custom-page-error

Details:
You can manipulate the content of "401 Access Denied" response (if this is the case) by adding the following code in the Application_EndRequest event of Global.asax.cs:

protected void Application_EndRequest(Object sender,
EventArgs e)
{
HttpContext context = HttpContext.Current;
if (context.Response.Status.Substring(0,3).Equals("401"))
{
context.Response.ClearContent();
context.Response.Write("<script language="javascript">" +
"self.location='../login.aspx';</script>");
}
}

Sunny_Kumar_ 22-Sep-12 6:01am

gonna give this a try...

Sunny_Kumar_ 22-Sep-12 6:04am

not working! I had seen this answer over StackOverflow:
http://stackoverflow.com/questions/11577614/redirect-unauthorized-users-to-a-custom-page-error

Sunny_Kumar_ 22-Sep-12 6:14am

While debugging I found that It never reaches to the Page_Load of the page in unauthorized folder

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) · Answer 2 · 2012-09-21T22:52:00

Solution 1

Here is the solution Forms Authentication - Redirecting users to a Page other than Default.aspx[^]

C#

// Once the user's entered credentials are verified //
if(Request.Params["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtUserName.text, false);
}
else
{
FormsAuthentication.SetAuthcookie(txtUserName.text, false);
Response.Redirect("CustomPage.aspx");
}

It may help.

Posted 21-Sep-12 22:52pm

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

Comments

Sandeep Mewara 22-Sep-12 5:29am

Now, how again this is what OP is seeking for? He wants to direct people to 'unauthorized' page.

What you say is:
1. formAuthentication has to be there - NOT necessary
2. you redirect to login page! (authentication based)
There is a difference between authentication and authorization.

No where what OP is trying to do.

:doh:

BTW, I don't know if you downvoted my answer or not but I cannot upvote your answer as it is no where near to what OP asks.

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 22-Sep-12 13:23pm

I have not downvoted your answer...

Thanks...

Sunny_Kumar_ 22-Sep-12 6:11am

copy cat:
http://geekswithblogs.net/ranganh/archive/2005/04/25/37612.aspx

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 22-Sep-12 13:21pm

I am not a copy cat, I have given the link and then quoted the answer...