How to generate an 401 error programmatically in an ASP.NET page

Question

As you can see this is a question from a non web developer. I would like to have an ASPX page which, under certain circumstances, can generate a 401 error from code. Ideally it would show the IIS standard page.

score 61 · Answer 1 · answered Oct 20 '08 at 07:00

61

Response.StatusCode = 401;
Response.End();

answered Oct 20 '08 at 07:00

Mark Cidade

98,437
31
224
236

8

I've no idea why this has been voted down - it's pretty much the same as my (voted up) answer, just in code form. Sure, it doesn't have the links which *may* be useful, but it's still a perfectly good answer... – Jon Skeet Oct 20 '08 at 07:10
I totally agree with Jon. Since I can't accept two answers, I accepted Jon's answer and voted up this one. The are a few things I should figure out by myself though but it gave me a head start. Thanks! – Detlef D. Doerscheln Oct 20 '08 at 09:08
3

It was probably voted down because it was submitted just after @jon's so it looked like a piggy-back answer (although they were both written simultaneously). Thanks for the upvotes though : ) – Mark Cidade Oct 20 '08 at 09:11
1

The problem this Jon's approach, and this one, is that Forms authentication will see someone trying to return `401`, intercept it, re-write it as `302`. So rather than returning `401`, the user agent is presented `302 Found`. – Ian Boyd Feb 18 '16 at 22:18

score 59 · Accepted Answer · answered Oct 20 '08 at 07:00

59

Set Response.StatusCode and then - if you need to stop execution - call Response.End().

answered Oct 20 '08 at 07:00

Jon Skeet

1,421,763
867
9,128
9,194

Brian Ferguson · Answer 3 · 2009-10-26T22:51:54.417

I think I still prefer:

throw new HttpException(401, "Auth Failed")

I don't think the Response.StatusCode method triggers custom errors defined in the web.config file, e.g.

<customErrors mode="On" defaultRedirect="GenericErrorPage.htm">
     <error statusCode="401" redirect="AuthFailed.htm" />
     <error statusCode="403" redirect="NoAccess.htm" />
     <error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>

Throwing a new exception definitely triggers custom errors.

Also, you might be using an application-wide error logging facility, like ELMAH or something, and I don't think the Response.StatusCode method would be logged there, either.

Note: I see now the question said that, ideally, the standard IIS error page should be shown. Obviously, the custom error pages are not wanted. I would use the Response.StatusCode method in that case.

Hey that's awesome! Just what I needed to know! – Richard Barker Jul 22 '15 at 18:47 — Richard Barker, Jul 22 '15 at 18:47

Mitchel Sellers · Answer 4 · 2008-10-20T07:04:10.930

12

You should be able to just use the following, according to MSDN.

Throw New HttpException(401, "Auth Failed")

Edit After seeing the other responses setting the status code would be more appropriate.

edited Oct 20 '08 at 07:04

answered Oct 20 '08 at 06:58

Mitchel Sellers

62,228
14
110
173

3

I tried this and when I checked the http response in the browser, I got an 500 (Internal Server Error) instead of a 401 (Unauthorized) – dreamerkumar Nov 02 '13 at 17:11
Also, isn't throwing exception worse in terms of performance? – dreamerkumar Nov 02 '13 at 17:13
I really don't care what is preferred. This method is shorter and easier to remember so I use it. – Brad May 20 '16 at 18:26

score 10 · Answer 5 · answered Oct 05 '11 at 21:24

One additional comment.

If a portion of the page has already been written to the output buffer then it is important that you clear any buffered content or the page may not appear correctly.

This is quite likely in a templated environment. e.g. Master pages...

Response.ClearContent();
Response.StatusCode = 401;
Response.End();

How to generate an 401 error programmatically in an ASP.NET page

5 Answers5

Linked