Best IT Recipes

ASP.Net MVC authorization action filter

I am trying to understand how error handling works when using Authorize [Authorize] Action Filter in MVC Preview 4.

I have an action that looks like this:

[Authorize(Roles = "DOMAIN\\NOTAUTHORISED_ROLE" )] [HandleError] public ActionResult NeedAuthorisation() { throw new NotImplementedException(); }

When I visit the URL: http://localhost:2197/testAuthorisation/NeedAuthorisation , I get a blank page in my browser. In Firebug, I see that a request has been made, and the status of the 401 - Unauthorised response 401 - Unauthorised . But I am not being redirected or returned a customError. Everything works as expected when using the role I am authorized to.

This is Windows authentication. I'm in the middle of writing code to try out forms authentication to see if I have the same problem. I set <customerrors mode="On"/> and created error pages, both in the testAuthorisation folder and in the shared folder.

+10
asp.net-mvc
Jan 29 '09 at 11:29
source share
3 answers

I ended up finding this MVC tutorial that solved my problem:

Exactly what happens when you try to trigger a controller action without the appropriate rights depends on the type of authentication enabled. By default, when using the ASP.NET Development Server, you simply get a blank page. Page served with 401 Not Authorized HTTP response status.

+11
Jan 29 '09 at 16:30
source share

If you set the CustomErrors value to Off or RemoteOnly, you will not be redirected to the page specified by HandleError (the default is Error.aspx). Set it to β€œOn,” and then see what happens. However, any custom error pages that you specify explicitly will take precedence, so you need to delete them and simply:

<customErrors mode="On" />

0
Jan 29 '09 at 12:10
source share

You will need a window with an error in the corresponding view folder, i.e. you need a Views/TestAuthorization/Error.aspx for something to appear.

You can also customize this behavior with what you want to use, and to which exception you want it to be fired.

 [HandleError(ExceptionType = typeof(SqlException), View = "DatabaseError")]] [HandleError(ExceptionType = typeof(NullReferenceException), View = "LameErrorHandling")]]
0
Jan 29 '09 at 12:16
source share


More articles:


All Articles