3

I successfully implemented role-based authorization in ASP.NET. When a person does not have the needed role, he gets to see an error page for 401.2 not authorized. What I would like to accomplish now is to have a custom 401 page in my application and have it redirected there via settings in the web.config. I tried this:

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
      <error statusCode="401" redirect="NoAccess.htm" />
    </customErrors>

But this does not get caught. Do I have to override it in IIS instead? I hope not, as that would make getting things deployed harder.

mamoo
georgian98

1 Answer

1

I think what you might be running into is that you have security set for the entire application. That is, when a 401 occurs, the redirect to NoAccess.htm fails because the user does not have access to that file either. Since you didn't post the whole file I cannot be sure, but that is my best guess.

Make sure that you have the following in your web.config file:

    <location path="NoAccess.htm">
      <system.web>
        <authorization>
          <allow users="?" />
        </authorization>
      </system.web>
    </location>

Mirko
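A way to check a web.config for the condition the answer above describes, as an added example that is not part of the original question or answer: it lists every `customErrors` redirect target that has no `<location>` exemption letting anonymous users reach it. The sample config is constructed, the function names are hypothetical, and the check assumes exemptions are written as `<location>` elements in the same file.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: anonymous users denied app-wide, two error
# pages configured, but only NoAccess.htm exempted through <location>.
SAMPLE = """<configuration>
  <system.web>
    <authorization><deny users="?" /></authorization>
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
      <error statusCode="401" redirect="NoAccess.htm" />
    </customErrors>
  </system.web>
  <location path="NoAccess.htm">
    <system.web><authorization><allow users="?" /></authorization></system.web>
  </location>
</configuration>"""

def error_pages(root):
    """Collect every page that customErrors can redirect to."""
    pages = set()
    for ce in root.iter("customErrors"):
        if ce.get("defaultRedirect"):
            pages.add(ce.get("defaultRedirect"))
        pages.update(e.get("redirect") for e in ce.iter("error") if e.get("redirect"))
    return pages

def anonymous_allowed(location):
    """Rules are read top-down and the first match wins: return True only
    when an <allow> naming ? or * appears before any <deny> naming them."""
    auth = location.find("system.web/authorization")
    for rule in (auth if auth is not None else []):
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"?", "*"}:
            return rule.tag == "allow"
    return False

def unreachable_error_pages(config_text):
    """Return the error pages that have no anonymous-access <location> exemption."""
    root = ET.fromstring(config_text)
    open_paths = {loc.get("path", "").lstrip("~/").lower()
                  for loc in root.iter("location") if anonymous_allowed(loc)}
    return sorted(p for p in error_pages(root)
                  if p.lstrip("~/").lower() not in open_paths)

if __name__ == "__main__":
    print(unreachable_error_pages(SAMPLE))
```
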