asp.net mvc Not authorized response is blank page?

Question

If i'm not authorized on a controller action, i am getting a blank page and no error message? I'd like to display a message of some sort, Here's my setup:

class MyAuth : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!httpContext.User.Identity.IsAuthenticated)
            return false;

        return MyIsCurrentUserInRoles(Roles.Split(",".ToCharArray()));
    }
}

used as

[Myauth(Roles="admin")]
class MyController: Controller
{
}

and the result is blank page when i'm not authorized ?

Is that the default behaviour ? if so, what where do i change it to produce a unauth message ?

score 8 · Answer 1 · edited May 23 '17 at 12:08

8

Yes, this is the default behaviour when running in the ASP.Net Development Server:

ASP.Net MVC Authorisation action filter

You can redirect it to a page by editing the web.config to include a redirect for error 401:

<customErrors defaultRedirect="ErrorPage.aspx" mode="On"> 
    <error statusCode="401" redirect="AccessDenied.aspx" />       
</customErrors>

edited May 23 '17 at 12:08

Community

1
1

answered Jul 02 '09 at 12:05

Rhys Jones

3,833
3
21
17

score 2 · Answer 2 · edited Jul 07 '11 at 05:16

You can override HandleUnauthorized like AuthorizeCore to say redirect to NoAccess page.

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {

        filterContext.Result = new RedirectToRouteResult(
                                   new RouteValueDictionary {
                               { "controller", "NoAuthPages" },    
                               { "action", "NoAccess" }                                       
                               });
    }

asp.net mvc Not authorized response is blank page?

2 Answers2