ASP.Net Windows Authentication and 401.2 Errors

I am working on an ASP.Net app that usesWindows authentication for users. I have a certain section of the app, the “Administration” set of pages that I want to exclude from certain roles of users. This is easy using a web.config file, but the unauthorized users get an ugly default 401.2 error page. I would like to have a custom page for that, and surpisingly there was not a ton of information out there on how to do it. In fact, more often than not the answer was “It can’t be done.”

I did find an acceptable answer in the forums at aspfree.com. Essentially the solution is to handle the Application_EndRequest event in the global.asax and check the status code and authentication of the user. Here is my version:

void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.StatusCode == 401 && Request.IsAuthenticated && Request.Url.AbsoluteUri.Contains(“Administration”))
    {
        Response.ClearContent();
        Server.Execute(“../NoAccess.aspx?id=Administration”);
    }
}

 

I don’t believe this method will work with Forms Authentication, I ran across plenty of posts saying that it works differently.

Posted on:

Comments are closed.