LinkBack URL
About LinkBacksOK...I've read numerous articles about this and still can't get it to work, so am giving up and just using a redirect if they don't authenticate.
OK...I've read numerous articles about this and still can't get it to work, so am giving up and just using a redirect if they don't authenticate.
I told youOriginally Posted by richyrich
yes, yes....Very clever...I told you
I still don't know why what I wanted to do wouldn't work. If I changed the status code value using the HTTP module when I retrieved it in the page it was showing as correct. But then it wasn't actually performing like that was the status code.
I would have thought it would be something you would use when authenticating users.
1) Authenticate a user
2) Check if they have permission to view resource
3) Return status code depending on whether they have permission or not.
That's effectively how windows authentication works. Perhaps changing it in .NET is just too far down the request process to have any effect. Wonder why they've made it a get / set property then when changing it has no effect?
Still I've only wasted a whole day trying to get it to work...
lol
But i think it should work, something is being missed or done wrongly here
Yes...Something doesn't seem quite right...I think, although I can't really remember now, I got it to work with a 401 status, by putting it directly in the page (or master page) but it just kept redirecting to the login page, which isn't what I wanted.lol
But i think it should work, something is being missed or done wrongly here
I couldn't find any similar example that used FormsAuthentication with status codes on google, so perhaps it just can't be done...:shrugs:
To get this to work, I did the following:
web.config
MyAuthorizationModule.vbCode:<customErrors mode="On" defaultRedirect="~/Error.aspx"> <error statusCode="403" redirect="~/Error.aspx?s=403" /> </customErrors> <httpModules> <add name="AuthorizationModule" type="MyAuthorizationModule" /> </httpModules>
Hope this helps.Code:Public Class MyAuthorizationModule Implements IHttpModule Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init AddHandler context.AuthorizeRequest, AddressOf Application_AuthorizeRequest End Sub Private Sub Application_AuthorizeRequest(ByVal sender As Object, ByVal e As EventArgs) ' Perform authorization business logic here ' If authorization business logic fails, call the following: ' HttpContext.Current.Response.StatusCode = CType(System.Net.HttpStatusCode.Forbidden, Integer) ' Throw New HttpException(403, "You are not authorized") End Sub End Class
jmurrayhead
If you agree, give me rep.
If you like it here...throw us a few bones to help support us.
It did seem to kind of work in that it went to the page designated for a 403 error, but I just wanted the normal "You are not authorised page" and it was also not allowing users access to pages they should have access to.
May as well just stick with what I got, I think...
Posting Permissions 
Reply With Quote
Bookmarks