10

I'm trying to understand how error handling works when using the Authorize [Authorize] Action Filter in MVC Preview 4.

I have an action that looks like this:

[Authorize(Roles = "DOMAIN\\NOTAUTHORISED_ROLE" )]
[HandleError]
public ActionResult NeedAuthorisation()
{
    throw new NotImplementedException();
}

When I visit the URL: http://localhost:2197/testAuthorisation/NeedAuthorisation, I get a blank page in my browser. In Firebug I can see that a request was made and a response-status of 401 - Unauthorised has been returned. But I'm not being redirected or having a customError returned. Everything works as expected when using a role that I'm authorized for.

This is using Windows authentication. I'm in the middle of writing some code to try out Forms authentication to see if I get the same issue. I have <customErrors mode="On"/> set and have created error pages, both in the testAuthorisation folder and the Shared folder.

Enamul Hassan
Lewis

3 Answers

11

I eventually found this MVC tutorial which solved my problem:

Exactly what happens when you attempt to invoke a controller action without having the right permissions depends on the type of authentication enabled. By default, when using the ASP.NET Development Server, you simply get a blank page. The page is served with a 401 Not Authorized HTTP Response Status.

Sir Crispalot
Lewis
0

If you've got CustomErrors set to Off or RemoteOnly then you won't get re-directed to the page specified by HandleError (default is Error.aspx). Set it to "On" and then see what happens. Any custom error pages you specify explicitly will take precedence, however, so you need to remove these, and have just:

<customErrors mode="On" />

Keith Williams
0

You need an error view in the corresponding view folder, i.e. you need the file Views/TestAuthorization/Error.aspx in order to have anything show up.

You can also customize this behaviour by specifying which view you want to use and which exception you want it to be triggered by.

[HandleError(ExceptionType = typeof(SqlException), View = "DatabaseError")]
[HandleError(ExceptionType = typeof(NullReferenceException), View = "LameErrorHandling")]
Community
Spoike
  • Thanks, but I already have the error view and I have one in the Shared folder. Both work as I'd expect (when I throw a NotImplementedException from that method for example). – Lewis Jan 29 '09 at 13:40
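
Why `[HandleError]` never fires for the failed role check in the question, as an added example that is not part of the original thread: `[Authorize]` does not throw, it sets a 401 result, so exception filters are never invoked and the action body never runs. The code assumes released ASP.NET MVC (MVC 2 or later, where `AuthorizeAttribute.HandleUnauthorizedRequest` exists) rather than Preview 4; `AuthorizeWithViewAttribute`, the `AccessDenied` view and the controller class name are hypothetical.

```csharp
using System;
using System.Web.Mvc;

// Added example. Assumes System.Web.Mvc from MVC 2 or later.
// The attribute name and the "AccessDenied" view name are hypothetical.
public class AuthorizeWithViewAttribute : AuthorizeAttribute
{
    // View rendered when the caller is signed in but fails the role check.
    public string DeniedView { get; set; }

    public AuthorizeWithViewAttribute()
    {
        DeniedView = "AccessDenied";
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        bool signedIn = user != null && user.Identity != null
                        && user.Identity.IsAuthenticated;

        if (signedIn)
        {
            // Identity is known but the role is missing: answer 403 with a
            // rendered view instead of an empty 401 that re-prompts the browser.
            var response = filterContext.HttpContext.Response;
            response.StatusCode = 403;
            response.TrySkipIisCustomErrors = true; // keep our body under IIS 7+
            filterContext.Result = new ViewResult { ViewName = DeniedView };
            return;
        }

        // Not authenticated: keep the default 401 so the configured
        // authentication scheme (Windows challenge, Forms redirect) can act.
        base.HandleUnauthorizedRequest(filterContext);
    }
}

// Controller name assumed from the URL in the question.
public class TestAuthorisationController : Controller
{
    [AuthorizeWithView(Roles = "DOMAIN\\NOTAUTHORISED_ROLE")]
    [HandleError] // still only handles exceptions thrown once authorization passes
    public ActionResult NeedAuthorisation()
    {
        throw new NotImplementedException();
    }
}
```

The `AccessDenied` view is looked up like any other view, so it can live in the controller's view folder or in Shared.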