Throw HTTP Status Code error

**richyrich** · richyrich, November 30th, 2009 07:19 AM

I'm building a site that uses FormsAuthentication, so users have to login. When they login, they have various permissions for different areas of the site.

If they try to access a page that they don't have permission for I want to throw a 403 status code error so they see the forbidden page.

Any ideas how to go about this?

**richyrich** · richyrich, November 30th, 2009 07:24 AM

I have tried just setting the StatusCode of the Current HttpContext

Code:

HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.Forbidden;

but that doesn't seem to do anything. It just processes the page as normal.

I put it in the Page_Load event of my Master Page. Should I try it before it reaches this event?

**micky** · micky, November 30th, 2009 07:44 AM

I check value of "HttpContext.Current.User.Identity.Name" in Master page and accordingly not show its link in left menu.

But i dont know whats your set up.

**richyrich** · richyrich, November 30th, 2009 07:46 AM

Yes, I do that already m.

What I want to do is if a user types the page into the address bar then it shows the standard 403 error page ie You do not have permission to view this resource etc.

So, basically I want to return a status code of 403 to the browser and then it shows the standard 403 error page, I think...

If I throw an HttpException it shows the .NET exception page, which I don't want. I want to 403 error page to show

**micky** · micky, November 30th, 2009 07:49 AM

So just check if they have permission or not, if not, then redirect to such page (make such page).

Thats how i would do it......... but generally its not the right way

**richyrich** · richyrich, November 30th, 2009 07:53 AM

Yes, I could do that.

I just thought I would try and use the pages already there rather than building more pages. IE if they don't have permission, just return a 403 status.

Then at least I could add custom error pages at a later date if I wanted.

**micky** · micky, November 30th, 2009 07:57 AM

How do you call such existing pages??

Or do you have to do something in IIS?

Or you are asking this only??

**richyrich** · richyrich, November 30th, 2009 07:59 AM

All I really want to happen is that if a user browses to a page they don't have access to, the asp.net page sends back a 403 status code and, currently, the user would see the default 403 (You do not have permission to view this resource) page.

**micky** · micky, November 30th, 2009 08:01 AM

How do you determine that user has permission or not??

**richyrich** · richyrich, November 30th, 2009 08:05 AM

The user logs in using FormsAuthentication.

Each page is allocated a Section and Permission variable. I then check this against a UserRoles db table to see if they have permission or not.

If they don't then I want to return a 403 status code.

Thread: Throw HTTP Status Code error

LinkBack

Thread Tools

Display

Throw HTTP Status Code error

Similar Threads

http://conception-2-school.com/forums/

Need PHP/SQL code help...to fix written code

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions