I don't think it does m...Thanks though..
I think his is returning a 403 error and he wanted it to return a 404 instead. I presume he's using windows authentication on that particular folder and wanted to change the status code returned.
In my head, this ought to be straightforward, but I can't seem to find how to do it..
Looks like we'll have to wait for J
Looks like it....Can't seem to find an answer on google either...I would have thought it would be fairly straightforward.
I believe you'll have to handle this in an httpmodule. I have a link at home; I'll post it when I get the chance. I haven't had a chance to experiment with it, yet, either.
The other option is to setup your system using a custom roles provider. Then you can simply deny these roles to the pages in web.config and then use the customErrors section to redirect to a specific page if a 403 is encountered.
jmurrayhead
If you agree, give me rep.
If you like it here...throw us a few bones to help support us.
I don't think specific roles provider would work because each user can have Create, Read, Update and Delete permissions on each section of a site. So, for example one user could have Read and Update permissions on the "Users" section and another could have Create and Read permissions, but not Update. So a roles list could be huge.
I would have thought getting an ASP.NET page to return an HTTP Status Code shoudl be reasonably straightforward. Am I missing something here?
The setup is in a web.sitemap file I have added custom parameters of Section and Permission. My master page retrieves the current node and then uses these parameters to check if the current user has the correct privileges.
If they don't, I just want to return a 403 status code. Do you think it could be related to where I call this functionality? Currently it's in Page_Init of Master Page.
If the user has none of the roles, then they will not be granted authorization to that particular page. However, I'm not sure if it sends a 403 status code.Originally Posted by richyrich
obviously
It has to happen before any page event. This is why an httpmodule would need to be used.
jmurrayhead
If you agree, give me rep.
If you like it here...throw us a few bones to help support us.
I think this may be the issue. In the code in my original post, I think the status code has already been returned so trying to set it to something else is having no effect..
I think my Dynamic SiteMapNode code may work in this case....Think that uses something like an HttpModule...Will take a look and see if I can adjust it...
OK. I have got this code, so far:-
But I am getting error "Object reference not set to an instance of an object" on line in red. Can I not retrieve the Current FormsAuthentication user in this context?Code:public class PermissionModule : IHttpModule { public PermissionModule() { } public void Init(HttpApplication application) { application.BeginRequest += (new EventHandler(this.Application_BeginRequest)); application.EndRequest += (new EventHandler(this.Application_EndRequest)); } private User user { get; set; } public void Application_BeginRequest(Object source, EventArgs e) { // Create HttpApplication and HttpContext objects to access // request and response properties. HttpApplication application = (HttpApplication)source; //HttpContext context = application.Context; if (user == null) { user = new User(); user = User.GetUser(Convert.ToInt32(application.Context.User.Identity.Name)); } SiteMapNode node = SiteMap.CurrentNode; if (node != null) { if (node["section"] != "0") { if (!user.admin && !user.CheckUserPermission(Convert.ToInt32(node["section"]), Convert.ToInt32(node["permission"]))) HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } }
Try:
Code:context HttpContext; context = HttpContext.Current; user = User.GetUser(Convert.ToInt32(context.User.Identity.Name));
jmurrayhead
If you agree, give me rep.
If you like it here...throw us a few bones to help support us.
Posting Permissions 
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks