I just learned about a FREE .Net training event being held in Ann Arbor, MI on May 13th, 2006: Day of .Net! Check out the agenda at the site.
It is a one-day event advertised as a One Day Conference on all things .NET by Developers for Developers. Lots of great speakers, starting with Mark Miller of Mondays fame, and lots of great local .Net experts, including great guys like Aydin Akcasu, Nino Benvenuti, Dustin Campbell, Jason Follas, Dave Giard, Charles Stacy Harris III, Darrell Hawley, Jim Holmes, Josh Holmes, John Hopkins, Greg Huber, Paul Kimmel, Alex Lowe, Drew Robbins, Martin Shoemaker, and Bill Wagner.
I am working on an ASP.Net app that usesWindows authentication for users. I have a certain section of the app, the “Administration” set of pages that I want to exclude from certain roles of users. This is easy using a web.config file, but the unauthorized users get an ugly default 401.2 error page. I would like to have a custom page for that, and surpisingly there was not a ton of information out there on how to do it. In fact, more often than not the answer was “It can’t be done.”
I did find an acceptable answer in the forums at aspfree.com. Essentially the solution is to handle the Application_EndRequest event in the global.asax and check the status code and authentication of the user. Here is my version:
void Application_EndRequest(object sender, EventArgs e)
if (Response.StatusCode == 401 && Request.IsAuthenticated && Request.Url.AbsoluteUri.Contains(“Administration”))
I don’t believe this method will work with Forms Authentication, I ran across plenty of posts saying that it works differently.